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Trusted  Processes 
Semi -Forma I  Description 


This  document  contains  a  semi-formal  description  of  the  trusted 
processes  of  the  kernel  ized  Vfl/378  operating  system*— -The  formal 
specification  and  a  prose  description  of  the  f»Ve  trusted 
processes  are  contained  in  document  Ttt-6062/181/00,\  "KVfl/370 
Formal  Spec' f i cat  ion".  \ 
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Operator  Process 
-Formal  Description 


This  section  contains  a  semi-formal  description  of  the  Operator 
Process  of  KVM/370. 


Data  Types 


primitive  types  and  structuring  mechanisms: 

boolean  tunordered,  two  elements:  true,  false!  j 

string  [unbounded,  predefined  string  of  length  zero:  nl  U 
integer  subrange 

scalar  (ordered  element  list! 

list  (of  any  type,  predefined  empty  list:  mil 

set  (of  any  type,  predefined  empry  set:  ni tl 

record  (field  list!  , 


|  undefined  types: 

I 

ProcessName 
Message Id 

>  ,  CnmmandName 

» 

ConsoleOu tputStatus:  scalar! 
Continuing, 

Idle) 


ResponsoStatus:  scalar( 
NoHesponse, 
Responded) 


RequestCategory:  scalar! 
OpRequest, 

i  ReadQpRequest, 

Pr  intOpflsg, 
MapUserld) 


Answer: 

record 

HMS:  string 
Text:  string 
end 
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Responses  lot: 

record 

Respondent:  ProcessName 
Text:  string 
State:  ResponseStatue 
end 


PendingRequest: 

record 

Msgld:  Messageld 
Kind:  RequestCategory 
Command:  CommandName 
Responses:  set  of  Responses  lot 
end 


LogL ine: 


record 

Num:  1..99 
Line:  string 
end 
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Data  Structures 

Answers*  list  of  Answer 
Pendlngflequestst  set  of  Pendlngflequest 
Logflessagei  set  of  L'ogLine 
CommandExpectedt  boolean 
Conso  I  eOu tputState:  Conso I  eOutputStatus 
CurrentNkcpst  set  of  ProcessName 
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Invariant  Assertions 


for  all  (Pl,P2»PendingRequest)  in  PendingRequestsi 
(Pl.flsgld  -  P2.f1sgld  ->  PI  -  P2) 

ft 

for  all  (PjPendinqRcquest)  in  PendlngRequestst 
(for  all  <R1  ,R2j Responses  lot)  In  P. Responses! 
(Rl. Respondent  -  R2. Respondent  ->  R1  •  R2) 

& 

for  some  (RsResponseSlot)  In  P. Responses: 

(R. State  -  NoRosponse) 
ft 

~Empty(P. Responses) ) 
ft 

for  all  (Ll,L2:LogLine)  in  Logflessage: 

(l.l. Nun  m  L2.Num  ■>  LI  •  LZ) 
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Global  Macros  /  Functions 


primitive  macros  functions* 

Head  (I istJ 
Tai i  (fist) 

Empty tlist/set) 

Append  1 1 i st/set, entry) 
Insert  (1 1st, entry] 


(as  yet)  undefined  macros  /  functions* 

ClockRead 
MsgName 
Oest inat ion 
OeviceType 
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MsgNet}  procaaa 

A>  aubdrlver  of  OpProcaaa, 

handling  messages  from  Network  Procaaa  \)/ 


givani  Hagldt  Haaaagald 
Text}  string 

entrys  juat  received  message.  Source  >  NetuorkProceaa 

actiont  If  for  aome  (PsPendingRequest)  in  PendlngRequeatai 
P.flagld  -  flsgld 
then  /*  reapcnae  to  request  */ 

case  P.KInd}  RequeatCategory  of 
PrintQpMag} 

case  MagName  [Text]  of 
OpMagPr inted} 

if  Empty [Anauara] 

than  ConsoleQutputState  <- 
Idle 

elaa  Kerne! Cal  I  CSendflasaage ( 
.°r  intOpflag  [ 

Head [Anauara] ] , 
Ne^workProceaa)] 
ConaoleOutputStata  <- 
Continuing 
Anauara  <- 

Tai 1 [Anauara] 
end 

OpHi tAttn} 

CommandExpected  <-  true 
ConsoleQutputState  <-  Idle 
Kerne  I  Cal  I [Sendees sage  ( 
ReadOpRequest, 
NetuorkProceaa)] 


other} 
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ReadOpRequesti 

cast  MsgName [Text]  of 
OpRequastRaadi 

ProctssCommand [Text] 

If  CommandExpected 
& 

ConaolaOutputStata  ■  I d I  a 
& 

~Empty [Ansuera] 
than  Kama  I  Cal  I  [Sendfleseage  ( 
Pr In tQpttagt 
Haad  [Ansuera] ] , 
NetuorkProceas) ] 
ConaolaOutputStata  <- 
Continuing 
Anauara  <- 

Tall [Anauara] 
and 

OpHItAttns 

ComnandExpactad  <-  trua 
ConaolaOutputStata  <-  Idla 
Kerne  I  Cal  I  tSendtleaaage  ( 
RaadOpRaquaat, 
NatuorkProcaaa)] 


others 
error 
and 

OpRaquaati 

arror  on  riogNametTextJ  ResponaaToOpRaquaat 
ProcaaaRaaponaa 

others 
error 
end 

else  /»  request  */ 

case  HsgName (Text]  of 
OpHi tAttn: 

CommandExpe- ied  <-  true 
ConsoleOutputState  <-  Idle 
KernalCal  I  [Sendflessage  ( 

ReadOpRequest, 

NatucrkProcess) J 

Opera  torRaquaa  t  s 

Anauara  <-  Append [Anauara, 

<Hf1S  ■  ClockReadi], 

Text  -  Text*] 

i 

i 
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end 


otherj 

error 


end  flegNet 


end 


9  December  1977 
Operator  Process 


System  Development  Corporation 
TM-60G2/1 11/00 


llagAutht  process 

/ \V  subdriver  of  OpProcess, 

handling  massages  from  the  Authorization  Process  */ 

givent  tlsgldt  fits  sage  Id 
Text!  string 

entry!  just  received  message,  Source  *  AuthProcess 

action!  if  *or  some  (PiPendlngRaquest)  in  PsndingRequestsi 
P.ttagld  -  llsgld 
then  /*  response  to  request  */ 

case  P.KindiRequestCatagory  of 
OpRequesti 

error  on  MsgName CTextl 

—  ReeponssToOpRequest 
ProcessResponse 

HapUserldi 

error  on  ttsgNama (Text! 

—  flappedUser  1  d 
case  P.Command:CommandNama  of 
FORCE-USERID, 

MESSAGE -USERID, 

UARNlNG-USERlOt 

0pCat3a 

I  NO!  CATERER . 

LOCK-USER 10. 

QUERY-PRIORITY, 

SET-FAVORED, 

SET-RESERVEO, 

SET-PRIORITY, 

UNLOCK-USERID, 

LOCATE-USERID; 

0pCat3b 

ACNT-USERIDSi 

0pCat7 


end 


other! 

error 

end 

other: 

error 
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else  /*  request  it/ 

case  MsgName [Text]  of 
QperatorReques*: 

Answers  <-  vpend  [Answers, 

<HHS  ■  ClockReadC], 
Text  »  Text>3 

AddNkcp: 

Authl 

OeletsNkcpt 

Auth2 

others 

error 

end 


end  MsgAuth 


end 
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MsgAcnt:  process 

/*  subdriver  of  OpProcess, 

Handling  messages  from  the  Accounting  Process  it/ 


given:  Hsgld:  Hessagald 
Text:  string 

entry:  just  received  message,  Source  -  AcntProcess 


act  ion: 


end  dsgAcnt 


if  for  some  (P.PendingRequest)  in  PendingRequests: 
P.Hsgld  »  Hsgid 
then  /*  response  to  request  */ 

error  on  <*(P.Kind  -  OpRequest 

& 

HsgName (Text!  -  ResponseToQpRequest) 
ProcessResponse 
else  /*  request  it/ 

error  on  MsgName  [Text!  OperatorRequest 
Ansuers  <-  Append  tAneuer ,  <Hf1S  ■  ClockReadtl, 

text  -  Text>l 


end 
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ttsgNkcp:  process 


/ft  subdriver  of  OpProcess* 

handling  messages  from  all  Nkcps  */ 

given*  flsgld:  flessageld 
Texts  String 
Process:  ProcsssName 


entry:  just  received  message.  Source  ■  Process  (an  Nkcp) 


action: 


for  some  (PsPsndlngReguest)  in  PendingRequests: 

P. flsgld  -  flsgld 
then  /ft  response  to  request  ft/ 

error  on  (P.Kind  <«■  OpRequest) 
or 

(MsgName  (Text]  ResponseToOpRequest) 
FrocessResponse 
else  /f<  request  */ 

error  on  ftsgName  CTextJ  OperatorRequest 
Answers  <-  Append  (Answers, <HMS  -  ClockReadD, 

Text  -  Text>] 


end  flsgNkcp 


end 
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macro 


ProcessCommand  [Text: str ing]  - 


if  CommandExpected 

then  case  CommandName [Text]  of 
DIAL, 

LOGON, 

LOGOFF, 

SET-RECORD,  SET-MODE, 

SLEEP, 

UNLOCK-SYSTEM,  UNLOCK-VIRT, 
ATTACH-CHANNEL, 

DETACH-CHANNEL, 

OISCONN, 

SAVESYS: 

OpCatB 

AUTOLOG, 

I  NO I  CATE— 1 0,  IN01CATE-PAG1NG, 
LOCK-SYSTEM, 

MON I TOR-NKCP, 

NETWORK, 

OUER Y-PAG I NG ,  QUER Y-SASS i ST*NKCP , 
QUERY-OASO,  QUERY-TAPES 
QUERY-LINES,  QUERY-GRAF, 
aUERY-SYSTEM,  QUERY-USERS, 
QUERY-NAMES, 

QUERY-USERID,  QUERY-UR, 
QUERY-DUMP,  QUERY-FILES, 

QUERY-RE AOER,  QUERY-PRINTER, 
QUERY-PUNCH,  QUERY-HOLD, 
SET-SASSIST-NKCP,  SET-OIW, 
UNLOCK-SYSTEM, 

BACKSPAC, 

CHANGE, 

DRAIN, 

FLUSH. 

FREE. 

HOLD, 

ORDER. 

PURGE. 

REPEAT, 

SPACE, 

START, 

TRANSFER, 

01  SABLE, 

ENABLE. 

LOADBUF, 

ACNT -PUNCH, 

OOP, 

DMCP, 

STCPs 

OpCatl 
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F0RCE*-ALL, 

INOICATE-LOAO,  INDICATED-QUEUES, 
MESSAGE  *-ALL, 

MONITOR-ALL, 

Ql  1ER  Y-S  ASS  l  ST-ALL .  QUERY-TOSK , 
SET-SASSI ST-ALL, 

UARNING-ALL, 

ACNT-ALL: 

0pCat2 

FORCE -USERID. 

I  NO I  CATE-USER, 

LOCK-USERID, 

MESSAGE-USERID, 

QUERY-PRIORITY, 

SET-FAVORED,  SET-RESERVED, 
SET-PRIORITY, 

UNLOCK-USERID, 

UARNING-USERIO, 

LOCATE-USERIO, 

ACNT-USERIDSi 

OpCatP 

QUERY-RAOOR, 

ATTACH-RAOOR, 

DETACH-RAODR, 

VARY, 

LOCATE-RAODR: 

0pCat4 

HALT, 

QUERY-STORAGE: 

OpCatS 

QUERY-LOGMSG: 

0pCat8a 

SET-LOGMSG: 

0pCat8b 

QUERY-ALL: 

0pCat9 

SHUTOOUN: 

OpCatlB 

other: 

error  /*  specification  error  */ 

end 

else  Av  must  be  set  logmsg  */ 

OpCatSc 

end 
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KernelCal I  [ReceivelnterruptsJ 
Kerne  I  Cal  I  [Re I easeCPU) 
end  OpOr i ver 
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Entry  /Exit  Condi tiono 


OpCatSi  Not  legal 

commandos 

DIAL 

LOGON 

LOGOFF 

SET -RECORD 

SET-flOOE 

SLEEP 

UNLOCK-SYSTEM 

UNLOCK-VIRT 

ATTACH-CHANNEL 

OETACH-CHANNEL 

OISCONN 

SAVESYS 


exit:  N"Ansuers  •  Append  [Answers, ErrorMassageJ 

N"CommandExpected  ■  true 


uhere 

ErrorMessage  ■  <HMS  ■  Cl  sckReadU, 

Text  -  "Hot  a  legal  command. "> 


IS 
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OpCatl : 


Single  message  sent 
No  mappings 

Single  response  expected  (unless  marked  by  *) 


commands: 


AUTOLOC 

QUERY-PAGING 

ftSET-OUMP 

INOICATE-IO 

-SASSIST-NKCP 

UNLOCK-SYSTEM 

•-PAGING  «-OASO 

BACKSPAC 

LOCK-SYSTEM 

-TAPES 

CHANGE 

dONI TOR-NKCP 

-LINES 

DRAIN 

NETWORK 

-GRAF 

FLUSH 

-SYSTEM 

FREE 

-NAMES 

HOLD 

-USERS 

ORDER 

-USER  10 

PURGE 

-UR 

REPEAT 

-DUMP 

SPACE 

-FILES 

START 

-REAOER 

‘  TRANSFER 

-PRINTER 

DISABLE 

-PUNCH 

ENABLE 

-HOLD 

L0AD8UF 

SET-SASSIST-NKCP 

ACNT -PUNCH 

nro 

DCP 

OMCP 

STCP 


exit:  N"PendingRequests  -  Append (PendingRequests, Entry! 

N"CommandExpected  -  true 

uhere 

Entry  -  <f1sgld  •  neutOpMsgJ, 

Kind  »  OpRequeet, 

Command  -  Command, 

Responses  -  set: 

URespondent  »  Dest i nat ion (Command! , 

Text  ■  nil. 

State  -  NoResponse>l > 

Kerne  I Cal  ted  (Senddessage (Oest inat ion [Command! ) ] 
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OpCat2: 


Multiple  messages  sent  —  one  to  each  NKCP 
No  mappings 

Multiple  responses  expected  (unless  marked  by  *) 


commands : 

ivPORCF*-ALL 
INniCATErLOAD 
IND!CATE«-QU6UES 
MESSAGE^AIL 
MON  I  TOR*- ALL 
QUERY^SASSIST^AU 
QUERY-TDSK 
SET*-SASS!ST*-ALL 
*UARNING».ALL 
ACNT-ALL 

exit:  N"PendingRequssts  -  Append (PendingRequests, Entry] 

I'rCommandExpected  ■  true 

where 

Entry  -  «Msg(d  •  neuCOpMsgl, 

Kind  ■  OpRequest, 

Command  ■  Command, 

Responses  •  set: (for  all  (N:ProeessName) 

in  CurrentNkcps: 
Respondent  ■«  N, 

Text  «  nil, 

State  -  NoResponse>) » 

for  all  (N: Pr ocessName)  in  CurrentNkcps: 

Kerne  I Ca I  led (Sendllessage (N)  1 
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0pCat3: 


Single  message  sent 

SSSiSJ!  ar:  ,d  ^  N*CP  ld  performed) 

nSclIll  c?J r*9pon,a  expected  (marked  by  ,») 
upCa(3tt(  S ^ ng  f •  rttpont®  txpactid 


command®* 

>vFQRCE-U$£RID 
INOICA TE-USER 
LGCK-USERIO 
MESSAGE-USERID 
QUERV-PRIORJ  TV 
SET-FAVOREO 
SET -RE SERVED 
SET-PRIORITY 
UNLOCK -USER ID 
ivUARN  I NG-USER 1 0 
LQCATE-USERID 


given*  Nkcps:  set  of  ProcessName 


entry: 


for  at  I 
for 


(Nl: ProcessName)  In  Nkcpe 
some  (N2j ProcessName) 

,  CurrentNkcpe: 


t 


exit: 


N"PcndingRequests  - 
N  CommandExpected  - 


Append (Pend  I ngReques  t  s , En  tr u) 
true  * 


nhc.-c 

Entry  -  <flsgld  •  neuIOpfleg), 

Kind  •«  OpRequest, 

Command  •  Command, 

Responses  -  set:  (for  II  (N*Pr sceseName) 
_  in  rJkcpa: 

<Respondcnt  »  N, 

Text  ■  nil. 

State  ■  NoResponse>) > 

for  all  (N: ProcessName)  in  Nxcps: 

Kerne  I  Ca  1 1  ed  CSs  -idles sage  (N)  1 
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0pCat4t 


Single  message  aant  tot 

oithor  URProceee  or  AuthProcaaa 
Mapping!  raddr  ->  device  type 
Single  response  expected 


commands! 

QUERY.-RADOR 

ATTACH«-RADDR 

0ETACH*-RAD0R 

VARY 

10CATE-RA00R 

given!  Raddr i  atring 

exit!  N"Pendi ngRequea t a  - 

If  OevieeType [Raddr]  ■  UnitRecord 
then  Append  [Pend i ngRequea t a , En tryl ] 
else  Append [Pend I ngRequea t a , En tr y2] 
end 

N"CommandExpected  •  true 
where 

Entryl  -  <MsgId  ■  neutOpMagl, 

Kind  -  OpRequast, 

Command  -  Command, 

Reaponaea  -  aeti 

URespondent  ■  URProeeas, 

Text  ■  nil. 

State  -  NoReaponse>l > 

Entry2  •  <MsgId  ■  neutOpftag], 

Kind  «  OpRequeat, 

Command  -  Command, 

Reaponaea  -  aeti 

(^Respondent  -  AuthProcaaa, 

Text  —  nil. 

State  -  NoReaponae>] > 

if  Dev i ceType [Raddr]  ■  UnitRecord 

then  KernelCal ledtSendMeaaageUJRProcess)] 
else  KernelCal led[SendMessage(AuthProcess)] 
end 
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OpCatSt  Kernel  call 

No  mat saga  tant 
Command  answered 


command s i 

HALT 

QUERYmSTORACE 


exit! 


JPAnswers  -  Append  [An auer e, Entry] 
N  CommandExpected  ■  true 


Kerne  I Ca I  led  (Command (KResponte)  1 
where 

KResponae:  string 

Entry  -  <Hf1S  •  ClockReadU, 

Text  ■  KResponee> 
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Sing  I  a  message  to  AuthProcesa, 

to  perform  user  Id  -»  NKCP  Id  mapping  function 
Responaa  expected 


commands t 

all  commands  In  Op  catagorlas  3  and  7 

axlti  N"PendlngRaquests  *  Append tPend I ngRequeet a, Entry! 
N"CommandExpected  •  true 

where 

Entry  •  <Msgld  «■  newtOpflag), 

Kind  •  ‘lapUaerld, 

Comman-  •  Command, 

Raspc  .-es  ■  sett 

^Respondent  ■  AuthProcesa, 

Text  ■  nil, 

State  ■  NoResponse>l > 

Kerne ICa 1 1 ed  (SendHeseage (AuthProcesa) } 


i 


) 
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OpCe 1 7* 


Multiple  message* 
response  expected 
Mopping i  user  Id 


from  each 

->  NKCP  Id  (already  performed) 


commendi 

ACNTrUSERIDS 


g) veni 
entryj 

ex  1 1< 


fVKcpei  set  of  ProcaesNewe 

for  all  (NliProeeeeMeme)  In  Nkcpat 

f iS  Curran tNkcpat 

KcSSSeSStiJ  : 


for  til 


(NjPnocessName)  In  Nkcpsi 
Kerne  I Cai  iedfSendfleaaageW)) 


where 

Entry  -  <rtsgld  .  new fOpMsgl , 

^Ind  »  OpRequest# 

Commend  •  Command, 

Responses*  sett 

I  for  el)  (NiProceeeName) 
Respondent  •  N, 

Text  •  nil. 

State  »  NoResponae*) > 


In  Nkcpet 


i 
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0pCat8i  Logflessage  processing 


commands: 

QUERY«-LOGHSG 

SET«-L0Gf15G 

0pCat8a: 

QUERY-LOGnSG: 

exit:  N"Answers  ■  Append lAnsuers, Entry] 

N"CommandExpected  ■  true 

where 

Entry  ■  <Hf1S  ■  ClockReadC], 

Text  »  HakeStr  ing  [Logflessage] > 


0pCat8b: 

SET*-L0Gf1SG: 

exit:  N"Answers  -  Insert  [Answers, Prompt] 

N"CommandExpected  >  false 

where 

Prompt  •  <HMS  "nil. 

Text  -  "LOGHSG: *> 


0pCat8c: 

Logflsg  Line  Received 
given:  Line#:  1..99 
Line:  string 

entry:  CommandExpected  -  false 

exit:  NTommandExpected  -  true 

*  N"Logf1essage  ■ 

if  for  some  (L:LogLine)  in  Logflessage: 
(L.Num  -  Line#) 

then  Append  [Remove  [Logflessage, L]  .Entry] 
else  Append  [Logflessage,  Entry] 

end 


where 

Entry  -  <Num  -  Line#, 
Line  ■  Line> 
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OpCatS: 


Multiple  messages  tos 

AuthProcess  and  URProcess 
Kernel  cal  I 
No  mappings 

Multiple  responses  expected 


commands 

QUERY*- ALL 

exit:  N"Pend i ngRequests  -  Append [PendingRequests, Entry] 

N"CommandExpected  -  true 

KcrnelCal led  [Storage (KResponse)] 

Kerne  I Ca 1 1 ed  ISendMessage (AuthProcess) 3 
Kerne  I Ca I  led  (SendMessage (URProcess) 3 

uhere 

KResponse:  String 

Entry  »  <MsgId  »  neuCOpMsg], 

Kind  ■  OpRequest, 

Command  -  Command, 

Responses  -  set: 

(Respondent  -Kernel, 

Text  -  KResponse, 

State  «  Responded>, 

Respondent  -  AuthProcess, 

Text  -  nil. 

State  «  NoRe9ponse>, 

<Re9pondent  -  URProcess, 

Text  -nil, 

State  •  NoResponse>) > 
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OpCatl0:  Multiple  messages  tot 

AuthProcess,  URProcsss,  and  al I  NKCPs 
Kerne  I  call 
No  mappings 
No  responses  expected 


command: 

SHUTOOUN 

exit:  N"CommandExpected  -  true 

Kerne  I  Cal  I ed [Shutdown] 

Kerne  I  Ca  1 1  ed  (SendMessage  (AuthProcess)  ] 
Kerne  I Ca I  led (SendMessage (URProcess) ] 
Kerne  I Ca I  led (SendMessage (AcntProcess)  ] 
for  a  I  I  (N:ProcessName)  in  CurrentNkcps: 
Kerne  I  Cal  I ed (SendMessage (N) ] 
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Authls  Add  Nkcp 

given*  Nkcps  ProcessName 
entryi  true 

exit*  N"CurrentNkcps  •  Append  (Cur rentNkcpa,Nkcpl 
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Auth2i  Purge  Nkcp 

given:  Nkcp:  ProcessName 

entry:  for  some  (N: ProcessName)  in  CurrsntNkcps: 
N  -  Nkcp 

exit:  N”CurrentNkcps  -  Remove [CurrsntNkcps, Nkcp) 


30 


9  December  1977 
Unit  Record  Procese 


System  Development  Corporation 
TH-B0G2/1 11/00 


i 


( 


Unit  Record  Process 
Semi-Formal  Description 

This  section  contains  a  semi-formal  description  of  the  Unit  Record 
Process  of  KVfl/378. 


Data  Types 


primitive  types  and  structuring  mechanisms: 


boolean  [unordered,  two  elements:  true,  false) 

string  [unbounded,  predefined  string  of  length  zero:  nil] 

integer  subrange 


scalar  (ordered  element  list) 

set  (of  any  type,  predefined  empty  set:  nil) 

record  [field  list) 

union  [list  of  types  or  data  structures] 


unrefined  types: 

Devi ceAddr ess 
HarduareStatus 
flessageld 
ProcessName 


Class:  sea  I  art 
Aye, 
Dee, 
Cee, 
All) 


ResponseStatus:  sea  I  art 
MoResponse, 
Responded) 


RelDevRequestStatus:  scalart  /*  Relinquish  Device  Request  Statue  ■>>/ 
NoNecd, 

Shou I dSend, 

Sent) 
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CommandNamet  scalar! 

QUERY-UR-ALL, 

QUERY-RADOR, 

QUERY-F  I LES-USER I D ,  QUERY-F I LES-ALL , 
QUERY-ROPRPU-USERI D ,  QUERY-RDPRPUrSPOOLID, 
QUERY-ROPRPUrALL, 

QUERY-HOLD, 

BACKSPAC, 

CHANGE -USER ID,  CHANGE *-SYSTEf1, 

DRAIN, 

FLUSH. 

FREE. 

HOLD. 

OROER-USERID,  OROER-SYSTER, 

PURGE-USERID.  PURGE-SYSTER, 

REPEAT. 

SPACE. 

TRANSFER, 

LOCATE) 


RequestCategory:  scalar! 
OpRequest, 
RapUser I d, 
NeedNkcp, 

Re li nqu i shOev ice) 


InputOeviceStatus:  scalar! 

Sccur i tyHeader, 

Secur  i  tyHeoderUai  tForReady, 
At  tachPending, 

A 1 1  ached  T oSpoo I ingProcess, 
Avai lable. 

At  tachedToUser, 

De tachPending, 

Of  fL i ne) 


OutputDev i ceStatus:  scalar! 

Secur i tyHeader, 

Secur i tyHeaderUai tForReady, 

A t tachedToSpoo I ingProcess, 
Secur i tyTrai ler, 

Secur i tyTrai lerUai tForReady, 
Avai lable. 

At  tachedToUser, 

Do tachPending, 

Of  fLinc, 

Loadbuf Pending, 

LoadbufUai tForReady) 
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TapeDr i veSta tus:  sea  I  art 
Avai I  able, 

At  t ached, 

Of  fL I ne, 
OetachPending) 


Act i vi tyStatusj  scalar ( 
NotSpool ing. 
Drained, 
Started, 
Draining) 


Spool  I di 

record 

Process?  ProcessName 
File:  0. .999 
end 


OORequestStatus:  scalar ( 
Processing, 

Uai t ingForDevice) 


Ou  tpu tDev i ceRcques  t : 
record 

Process:  ,’*  •  >ssName 
RequestedCi  .as:  set  of  Class 
AttachedOcv:  CeviceAddress 

State!  OOReq_>stStatus 

end 


TapeDr i veEntry: 

record 

Raddrj  DevicoA  sss 

State:  TapeOr i vebtatus 
A t t achedProcesst  ProcessName 

end 


Responses  lot; 

record 

Respondent!  ProcessName 
Text:  string 

State:  ResponseStatus 

end 
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PendingRequest: 

record 

flsgld:  ricssageid 
Kind:  Roques tCategory 
Command:  CommandName 
Responses:  set  of  ResponseSlot 

end 


ReaderEntry: 

record 

Raddr:  DevIceAddress 
State:  Act i vi tyStatus 
CyclePosi tion:  InputOevi ceStatus 
AttachedProcess:  ProcessName 
ClassesServedCurrently:  set  of  Class 
ClassesServedNextCycle:  set  of  Class 
Channe IS tatusUord:  HarduareStatus 
LineBuffer:  string 

end 


Pr InterEntry: 

record 

Raddr:  Dev i ceAddress 

State:  Activi tyStatus 

Cyc I ePos i t i on:  OutputQev i ceStatus 

AttachedProcess:  ProcessName 

ClassesServedCurrently:  set  of  Class 

ClassesServedNextCycle:  set  of  Class 

Re  I inquishOeviceRequeatState:  RelOevRequestStatua 

Channe IStatusUord:  HarduareStatus 

end 


PunchEntry: 

record 

Raddr:  Dev i ceAddress 

State:  Activi tyStatus 

Cyc I ePos i t i on:  OutputOev i ceStatus 

AttachedProcess:  ProcessName 

ClassesServedCurrently:  set  of  Class 

ClassesSe-vedNextCycle:  set  of  Class 

Re  I InquishOeviceRequeatState:  RelOevRequestStatus 

Channe IS tatusUord:  HarduareStatus 

end 
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NkcpEntry: 

record 

Process!  ProcessName 
Usab I  eReader si  set  of  DeviceAddress 
Usab I ePr inters!  set  of  OeviceAddress 
Usab I ePunches:  set  of  DeviceAddress 
UsableTapeOr I  vest  set  of  OeviceAddress 

end 


DeviceEntryj  union  o f ( 
ReaderEntry, 

Pr interEntry, 
PunchEnt  :y) 


OutputOeviceEntryi  union  of( 
Pr interEntry, 
PunchEntry) 
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Oata  Structures 

Shut t ingOowm  boolean 

Rcadersi  set  of  ReaderEntry 

Prlntcrei  set  of  PrinterEntry 

Punches!  eet  of  PunchEntry 

TapeOrlvesi  set  of  TapeOr IveEntry 

Pr interSpoolRequests!  set  of  OutputOevIceRequest 

PunchSpoo  I  Requests:  set  of  OutputOovicsRsquest 

CurrentNkcpsi  set  of  NkcpEntry 

PendingRequests:  set  of  PendingRequest 

Devices!  union  of (Readers,  Printers,  Punches) 
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V  Initial  Conditions 


Empty  [PendlngRequeetel 
& 

Empty (CurrentNkcpel 
4 

Empty IPr intarSpoo (Request a) 

& 

Empty  (PunchSpoo I  Request si 
& 

(«*Shut  t  ingOoun) 

& 

for  all  (RjReaderEntry)  In  Raaderet 
(Reader  I nlni t ialStatsCRJ ) 

& 

for  all  (Pr:Pr InterEntry)  in  Printers* 

(Pr inter  I nlni 1 1  a iState IPr] ) 

£ 

for  al I  (PujPunchEntry)  in  Punches* 
(Punchlnlni t i a IState (PuJ ) 

& 

for  all  (Tt TapeOr i veEntry)  in  TapeOrives* 
(TapeOr Ivelnlni t i a  I  State  CT] ) 
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macro 


macro 


macro 


macro 


Readerlninl 1 1  a (State (RsReaderEntryi  ■ 
(R. State  *  Drained 
A 

R.CyclePoei tlon  -  Available 
A 

R. At tachedProceee  -  URProceca 
A 

R. L I neBuf  fer  —  nil 
A 

Empty (R.ClaeeeeServcdCurrent lyl 
A 

Empty  tR.CI aeaeeServedNextCyc le] ) 


Pr  I  nter Ini ni t i a  I  State  £Pj Pr in terEn try]  ■ 

(P. State  ■  Drained 
A 

R.CyclePoei tion  -  Available 
A 

P. At tachedProceee  ■  URProcese 
A 

Empty  tP.C I aeseeServedCurrent lyl 
A 

Empty  [P.  C I  asseeSer  verlNex  tCyc  I  el 
A 

P.Rel inquishOeviceRequeatState  *  NoNeed) 


Punchlnlnl tialStatetPsPunchEntry]  - 
(P. State  -  Drained 
A 

P.CyclePoei t ion  »  Available 
A 

P. At tachedProceee  -  URProceea 
A 

EmptyJP. C I aeeeeServedCurrent I yJ 
A 

Empty  [P. C I asseeServedNextCyc I  el 
A 

P.Rel inquishOeviceRequeatState  •  NoNeed) 


TapeOr I vel ni n i t i a  I  State [T s  TapeOr I veEntry]  - 
(T. State  -  Avai table 

A 

T, At tachedProceee  ■  URProceea) 
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Inver  lent  Aeeertlone 


for  all  (Rl,  R2:ReaderEntry)  in  Readers 
Rl.Raddr  »  R2.Raddr  ■>  Rl  •  R2 

for  all  (Prl,  Pr2:Pr interEntru)  In  Printers: 
Prl.Raddr  •  Pr2.Raddr  ■>  Prl  ■  Pr2 

for  all  (Pul,  Pu2:PunchEntry)  In  Puncheet 
Pul.Raddr  ■  Pu2.Raddr  »>  Pul  •  Pu2 

for  all  (Tl,  T2: TapeDr i veEntry)  In  TapeQrlveei 
Tl.Raddr  •  T2.Raddr  •>  Tl  ■  T2 


for  all  (RtRcaderEntry)  In  Readerei 

(for  all  (PrtPr interEntry)  In  Printers: 
(R.Raddr  Pr.Raddr) 

& 

for  all  (PutPunchEntry)  In  Puncheet 
(R.Raddr  —  Pu.Raddr) 

& 

for  all  (TtTapeOri veEntry)  in  TapeOriveet 
(R.Raddr  *•*  T.Raddr)) 
i 

for  all  (PrtPr interEntry)  in  Printers: 

(for  ail  (PutPunchEntry)  in  Puncheet 
(Pr.Raddr  Pu.Raddr) 

& 

for  all  (T: TapeDr i veEntry)  In  TapeOriveet 
(Pr.Raddr  —  T.Raddr)) 


i 

for  all  (PutPunchEntry)  in  Punches: 

for  all  (T: TapeDr i veEntry)  in  TapeOriveet 
Pu.Raddr  T.Raddr 


A 
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( (R. State  -  NotSpooling)  ■> 

R.CyclePosi t ion  inset  lAt tachPending, 

DetachPending, 

AttachedToUser, 

OffLinel ) 
ft 

i(R. State  NotSpooling)  ■> 

R.CyclePosi t ion  inset  ISecuri tyHeader, 

Secur i tyHsaderUa i tForReady, 
AttachPending, 

At tachedToSpoo I ingProcess, 
Avai table) ) 
ft 

( (R.  Cyc I ePos i t i on  -  Available)  ■> 

(R.C I assesServedCurrent ly  *  R.ClassesServedNextCycle 
ft 

H. At tachedProcess  -  URProcess)) 


for  all  (PjOutputDeviceEntry)  in  OutputDevices: 

( (P.  State  ■  NotSpooling  -> 

P.CyclePosi  t  ion  inset  (At  taciiPending, 

OetachPending, 

AttachedToUser, 

OffLine) ) 
ft 

(P. State  NotSpooling  ■> 

P.  Cyc I ePos i t i on  inset  ISecur i tyHeader , 

Secur i tyHeaderUai tForReady, 
Secur i tyTra i ier, 

Secur  ityTrai  I erIJai  tForReady, 
At tachedToSpoo I ingProcess, 
Avai table) ) 
ft 

(P. Cyc I ePos i t i on  ■  Available  ■> 

(P. C I assesServedCurrent I y  ■  P. C I assesServedNextCuc I e 
ft 

^  P. At tachedProcess  -  URProcess)) 


for  all  (DRsOutputDeviceRequest)  in  Pr interSpoo IRequests: 
for  some  (NsNkcpEntry)  in  CurrentNkcps! 

N. Process  -  DR. Process 

for  all  (DRjOutputDeviceRequest)  in  PunchSpoo IRequests: 
for  some  (NjNkcpEntry)  in  CurrentNkcps: 

N. Process  »  DR. Process 
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for  all  (N1 ,N2:NkcpEntry)  in  CurrentNkcpss 
(Nl. Process  »  N2. Process  ->  N1  -  N2 ) 


for  all  (Pl.P2:PendingRequest)  in  PendingRequests: 
(Pl.flsgld  -  P2.risgid  ->  PI  «  P2) 

& 

for  all  (PsPendinqRequest)  in  PendingRequests: 

(for  all  (Rl,R2:ResponseSlot)  in  P. Responses: 
(R1 .Respondent  -  R2. Respondent  ■>  R1  -  R2) 

& 

for  some  (R:ResponbeSlot)  in  P. Responses: 

(R. State  ■  NoRespone) 

& 

-Empty (P. Responses] ) 


for  a  I  I 
( ( for 


& 

(  for 


& 

(  for 


& 

( for 


(N: NkcpEntry)  in  CurrentNkcps: 
all  (D:DeviceAddres3)  in  N.Usab I  eReaders: 
for  some  (R:RcaderEntry)  in  Readers: 

R.Raddr  -  D) 

all  (0:0eviceAddress)  in  N.UsablePrinters: 
for  some  (Pr:Pr interEntry)  in  Printers: 
Pr.Raddr  •  D) 

all  (0:0eviceAddress)  in  N.Usab I ePunches: 
for  some  (Pu:PunchEntry)  in  Punches: 
Pu.Raddr  -  0) 

all  (0:0eviceAddress)  in  N.UsableTapeDr i ves: 
for  some  (T: TapaDr iveEntry)  in  TapeDrives: 
T.Raddr  -  D) ) 


Corporat ion 
6062/111/00 
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Legality  Checks  upheld  in  Driver: 

lOInterrupt  (Raddr)  ■■> 

for  some  (D:DeviceEntry)  in  Devices: 

(J. Raddr  «  Raddr 
& 

D.CyclePosi tion  inset  (Available,  Securi tyHeader, 

Secur  i  tyHeaderUai  tForReadtj, 
Secur i tyTrai I er , 

Secur i tyTrai lerUai tForReadyi ) 


I 


I 


1 

s 


9  December  1977  System  Deve  lopmunt  Corporation 

Unit  Record  Process  TH-60S2/1 11/08 


Global  Macros  /  Functions 


primitive  macros  /  functions: 

Append  (set, entry] 

Remove  (set, entry] 

Empty  (se  t, entry] 

undefined  macros  /  functions: 

Kerne  I Ca I  led 

macro  Relni  t  i al  i  zel nputSpoolOevice (R:ReaderEntry]  ■ 
if  R. State  «  Draining 

then  R. State  <-  Drained 

KernelCal  I  (Sendflessage  (Drained  CR.Raddr]  ,0pProce3s) ] 

end 

R.CyclePosi tion  <-  Available 

R.ClassesServedCurrently  <-  R.ClasseaServedNoxtCycle 
R.AttachedProcess  <-  URProcess 

macro  C I assesflatch (SI ,S2: set  of  Class]  - 
for  some  (Cl:Class)  in  SI: 
for  some  (C2:Class)  in  S2: 

Cl  -  C2 
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RD:  process 


/ft  subdriver  of  URProcess, 

handl ing  10  interrupts  on  readers  ft/ 

given:  R: ReaderEntry  in  Readers 

en^-y:  just  received  interrupt  on  R.Raddr 

action:  /*  pay  attention  to  only  those  interrupts 
that  we  care  about  ft/ 


error  on  R. State  Inset  INotSpool ing, 

Orainedl 

or 

R.CyclePosi tion  inset  I 

AttachPending, 
AttachedToSpool ingProcess, 
At tachedToUser, 

Oe tachPendi ng, 

Of fLinel 

case  R.CyclePosi tion: InputOeviceStatus  of 
Secur i tyHeader : 

if  R.ChannelStatusUord.Uni tCheck 
then  R02b 
e I se  R02a 

end 


Secur i tyHeaderUai tForReady: 

i f  R.ChannelStatusUord.Uni tCheck 
then  R02b 
else  R02c 
end 


end  RO 


Avai lable: 

if  ShuttingOoun 

then  Kernel  Cal  I tSendtlessage ( 

Physical  I yPurgeDeck [R.Raddr] , 
Oprrocesa) ] 

else  R01 

end 

end 
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PR:  process 


/*  subdriver  of  URProcess, 

handling  10  interrupts  on  printers  >>/ 

given:  P:Pr interEntry  in  Printers 

entry:  just  received  interrupt  on  P.Raddr 

action:  error  on  P. State  inset  (NotSpool ing. 

Drained) 

or 

P.CyclePosi tion  inset  ( 

AttachodToSpool ingProceee, 
At tachedToUser , 
DetachPending, 

Of fLine) 

case  P.CyclePosi tion:  OutputOeviceStatue  of 
Secur i tyHeader: 

if  P. Channe I StatusUord. Un i tCheck 
then  PR3b 
e I se  PR3a 

end 

Secur i tyHeaderUai tForReady: 

i f  P.ChannelStatusUord.Uni tCheck 
then  PR3b 
e I se  PR3c 

end 

Avai table: 

i f  (-Empty (Pr interSpool Requests] ) 

& 

P. State  »  Started 
* 

for  some  (DR:OutputDeviceRequesti 

in  Pr interSpoolRequests: 
(DR. State  «  Uai t ingForOevice 
& 

ClassesMatcht 

P.CIassesServedCurrent ly, 
DR.RequestedClasses] ) 

then  PRZ 
end 
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Securi tyTral leri 

i f  P.ChannelStatusUord.Uni tCheck 
then  PR5L 
else  PR5a 
end 

Secur i tyTrai IsrUai tForReadyt 

if  P.ChannelStatusUord.Uni tCheck 
then  PR5b 
else  PRSc 
end 

LoadbufPendingt 

PR6a 

LoadbufUal tForReadyt 
PRSb 


end  PR 


end 
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ttsgAuth:  process 

/ >v  subdriver  of  URProcese, 

handling  messages  from  AuthProcess  <«/ 

givent  flsgldt  flessageld 
Text*  string 

entry:  just  received  message,  Source  -  AuthProcess 

action:  if  for  some  (P:PendingRequest)  in  PendingRequests: 
P.flsgld  ■  ttsgld 
then  /*  response  to  request  ft/ 

case  P.Kind:  RequestCategory  of 
NeedNkcp: 

case  flsgName  [Text]  of 
AddedNkcp: 

DetermineRaddr (Text] 
error  on 

for  all  (R:ReaderEntry) 
in  Readers: 
(R.Raddr  -*•  Raddr) 

RD3a 

PendingRequests  <-  Remove! 
Pend  I ngReques  t  s , PI 

Cannot AddNkcp: 

DetermineRaddr  tText) 
error  on 

for  ail  (R:ReaderEntry) 
in  Readers: 
{R.Raddr  <*■  Raddr) 

RD3b 

PendingRequests  <-  Remove! 

Pend i ngReques  t  s ,  P) 


end 


other: 

error 
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HapUserld: 

error  on  hsgName  (Text]  '»■  Userldflapped 
I  f  Nkcp  t'ext]  ■  nil 

than  Kerne  I  Cal  I  tSendflessage  ( 
UnknounUser Id  [Text] , 
OpProcess)] 

PendingRequests  <-  Remove C 
Pend  I ngReques  t  s , PI 
else  Kerne  I  Cal  I [SendMessage  ( 

OpCmd  [Text] , 

Nkcp  [Text] ) 1 
end 

other: 

error 

end 

else  /ft  message  is  a  request  ft/ 
case  HsgName  [Text]  of 
AddNkcp: 

AUTH1 

OeleteNkcp: 

AUTH2 

At tachOevice: 

OetermineRaddr [Text] 
case  Devi ceType [Raddrl  of 
Reader, 

Printer, 

Punch: 

AUTH3abc 

TapeOrlve: 

AUTH3d 

end 

other: 

error 

end 


end  tlsgAuth 


end 
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flegOpi  process 

/ft  subdriver  of  URProcess, 

handling  messages  from  OpProcess  */ 

given:  flsgld:  Meseageld 
Text:  string 

entry:  just  received  message,  Source  -  OpProcess 

action:  If  for  some  (P:PendingRequest)  in  PendingRequests: 
P. flsgld  •  flsgld 
then  /*  response  to  request  ft/ 

/*  URProcess  currently  doesn’t  make  any 
requests  of  OpProcess:  error  */ 
error 

else  case  MsgName tTextl  of 
QUERY-UR, 

QUERY-ALL. 

QUERY-RAOOR, 

QUERY-TAPES, 

OP0 

QUERY-RE A0ER-SP00L I D , 

QUERY-PR I NTER-SPOOL ID, 
QUERY-PUNCH-SPOOL  I D , 
CHANGE-SYSTEfl-SPOOLID: 

0P1 

QUERY-FILES-ALL, 

QUERY-REAOER-ALL , 

QUERY-PRINTER-ALL, 

QUERY-PUNCH-ALL. 

QUERY-HOLD, 

CHANGE-S YS  TEN-CLASS-ALL : 

0P2 

QUERY-F I LES-USER I D , 
QUERY-READER-USERID, 
QUERY-PRINTER-USERID, 
QUERY-PUNCH-USERID, 

CHANGE -USERID, 

FREE. 

HOLD, 

ORDER-USERID, 

PURGE -USERIO: 

0P3 
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BACKSPAC, 

FLUSH, 

REPEAT: 

Det arm ineRaddr  [Text] 
case  DaviceTypetRaddr]  cf 
.  Printer, 

Punch: 

0P4ab 

other: 

error 

end 

SPACE: 

OetermlneRaddr [Text} 
case  OeviceType [Raddr]  of 
Printer: 

0P5 

other: 

error 

end 

0R0ER*-SYSTEH, 

PURGE -SYSTEM: 

OPS 

VARY-OFFLINE: 

DetermineRaddr  [Text] 
cane  DaviceTypetRaddr]  of 
Reader, 

Printer, 

Punch: 

OPSabc 

TapeOr ive: 

0P9d 

end 
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tlDVa  I 


VARY*-0NL1NEi 

OetermineRaddr [Text! 
case  DevIceType CRaddr]  of 
Raadert 
OP  10a 

Pr Inter, 

Punch i 
OP10bc 

TapeOr I  vet 
OP10d 
end 

ATTACH! 

DetermineRaddr [Text] 
caee  Devi ceType CRaddr]  of 
Reader, 

Printer, 

Punch! 

OPllabc 

TapeOr I  vet 
OPlld 
end 

DETACH! 

OetermineRaddr [Text! 
case  Oev I ceType CRaddr]  of 
Reader, 

Pr inter, 

Punch! 

0P12abc 

TapeOr ive i 
0P12d 
end 

LOCATE! 

OetermineRaddr  CText] 
case  Devi ceType CRaddr]  of 
Reader, 

Printer, 

Punch: 

0P7abc 

TapeOr i vet 
0P7d 
end 

SHUTDOUN: 

OP  8 
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START} 

OetermineRaddr  [Text] 
case  DeviceType tRaddr]  of 
Rvader: 

0P15e 

Printer, 

Punch: 

0P15bc 

TapeOr Ivet 
error 
end 

ORA IN: 

OetermineRaddr [Text] 
case  DevicaType CRaddr]  of 
Reader: 

0P14a 

Printer, 

Punch: 

0P14bc 

TapeOr I ve: 
error- 
end 

TRANSFER: 

0P16 

L0A08UF: 

OetermineRaddr  [Text] 
case  OsviceType[Raddr]  of 
Printer: 

0P13 

other: 

error 

end 

other: 

error 

end 


end  MegOp 
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flagNkcp:  proceae 

/ft  subdrlver  of  URProcass, 

handling  meaaagaa  from  Nkcpa  ft/ 

given:  Process:  ProcessName 
Msg t di  ftessageld 
Text:  string 

entry:  just  received  message,  Source  *  Process 

action:  if  for  some  (PiPendlngRequest)  in  PendingRequests: 
P.flsgld  -  flsgld 
then  Av  response  to  request  ft/ 

case  P.Kind:RequestCategory  of 
OpRequest: 
error  on 

HsgName  [Text]  —  ResponseToOpRequest 
ProcessResponse 

Re  I inqui shOevice: 

error  on  flsgName  [Text]  DetachOavice 
DetermineRaddr [Text] 
case  OeviceType [Raddr]  of 
Reader, 

Printer, 

Punch: 

NKCPlabc 

TapeOr i ve: 

NKCPld 

end 

other: 

error 

end 

else  /ft  request  ft/ 

case  flsyName  [Text]  of 
Oe tachSpoo I Oev i ce: 

DetermineRaddr [Text] 
case  OeviceType [Raddr]  of 
Reader: 

R04 

Printer: 

PR4 

Punch: 

PU4 

TapeOr ive: 
error 
end 
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DetachOev icei 

OetermineRaddr [Text] 
case  Devi ceType [RaddrJ  of 
Reader, 

Pr inter. 

Punch: 

NKCP2abc 

TapeDr i ve: 

NKRP2d 

end 

NeedSpool ingDevice: 

Determ i neRaddr  [Text] 
case  Dev i ceType [Raddr]  of 
Pr inter : 

PR1 

Punch: 

PU1 

other: 

error 

end 


end 


other: 

error 
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URDriver:  process 


case  HowUeGo there  of 
lOInterrupt: 

cacc  DcviccTypc  of 
Reader:  RO 

Printer:  PR 

Punch:  PU 

TapeDrive:  error 
end 


EKterna) interrupt: 

case  1 nterruptSubType  of 
Message: 

case  Source  of 
AuthProceas: 
OpProcess: 
Nkcp: 
other: 


end 


MagAuth 

MagOp 

MsgNkcp 

/ft  anybody  else  talk 
wi  th  URProcess?  ft/ 


end 


other: 

/ft  any  other  external  interrupts?  ft/ 


o  ther : 

/ft  any  other  important  interrupt  classes?  */ 

end 

KernelCal I [Recei vel nterruptsl 
Kerne  I  Cal  I [Re  I easeCPU] 
end  UROr i ver 
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RD1:  Unexpected  10  interrupt  signalling  deck  to  be  read 


given:  Raddr:  Dev i ceAddress 

entry:  for  some  (RsReaderEntry)  in  Readers: 

(R. Raddr  ■  Raddr 
& 

R. State  -  Started 
& 

R.CyclePosi tion  »  Available) 

& 

■v  ShuttingOown 

action:  R.CyclePosi tion  <-  Secur i tyHeader 
R.L ineBuf fer  <-  ni I 

KernelCal I  [Request  10 (R. Raddr)  for  input) 

exit:  N”R.CyclePosi t ion  -  Secur i tyHeader 

N"R.L i neBuf fer  ■  nil 

KernelCal I ed [Request 10 (R. Raddr)  for  input) 
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R02as  Expected  10  interrupt  signalling  security  header  read 


given*  Raddrs  DeviceAddress 
Process:  ProcessName 

entry:  for  some  (R:ReaderEntry)  in  Readers: 

(R.Radrir  ■  Raddr 
<S 

R. State  NotSpooling 
& 

R.CyclePosi t ion  -  Secur i tyHeader 
& 

R.ChannelStatusWord.Uni tCheck  -  false 
& 

R.LineSuf fer  **■  nil) 

action:  if  for  some  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  ■  Process) 
then  if  for  some  (D:DeviceAddress) 

in  N.Usab I  eReaders: 

(D  ■  R.Raddr) 
then  /*  Attach  Device  */ 

^srnelCai I CGrantAccess ( 

N. Process, R. Paddr ) ) 

if  OK 

then  R.AttachedProcess  <-  N. Process 
R.CyclePosi t ion 

<-  AttachadToSpool ingPrccess 
Kerne  I  Cal  I  [SendflessageC 

Spoo I OeviceAttached CR.Raddr]  , 
R . A 1 1  achedPr  oce  ss ) J 
else  /ft  Kernel  did  not  grant  access: 
something’s  wrong  ft/ 

Kerne  I  Cal  I  [Sendfleesage ( 

Physical  I yPurgeOecktR. Fladdr’ , 
OpProcess) ] 

Rslni t ial i zelnputSpoolCycl e CRJ 
end 

else  /ft  Nkcp  sxists  but 

cannot  use  this  reader  ft/ 

KernelCal  I  CSondflessage ( 

Physical  I yPurgeDeck [R.Raddr]  , 
CpProcess) ] 

F'elni  t  ial  izeJ  nputSpoolCyc  I  e  CR] 
end 
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else  /*  necessary  Nkcp  does  not  currently  exist  */ 
R.CyclePosi t ion  <-  AttachPending 
R.AttachedProcess  <-  Process 
KernelCal  I  CSendflessage  ( 

NeedNkcp  CR.AttachedProcess, R.Raddr] , 
AuthProcess) ] 

end 

exit:  N"R.CyclePosi tion  - 

if  for  some  (NtNkcpEntry)  in  CurrentNkcps: 

N. Process  ■  Process 
then  If  for  some  (DsDeviceAddress) 

in  N.Usab I  eReaders: 

(0  -  R.Raddr) 

4 

GrantedAccess 

then  AttachedToSpool ingProcess 
el se  Avai table 
end 

else  AttachPending 
end 

N"R. At tachedProcess  ■ 

if  for  some  (N:NkcpEntry)  in  CurrentNkcps: 

N. Process  ■  Process 
then  if  for  some  (D:DeviceAddrees) 

in  N.Usab I  eReaders: 

(0  -  R.Raddr) 

4 

GrantedAccess 
then  N. Process 
else  URProcess 
end 

else  Process 

end 

N"R. State  - 

if  for  some  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  ■  Process) 

4 

(for  all  (D:DeviceAddress) 

in  N.Usab I  eReaders: 

(0  R.Raddr) 
or 

*»  GrantedAccess) 

& 

R. State  -  Oraining 
then  Drained 
else  R. State 

end 
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N"R.ClassesServedCurrent ly  ■ 

if  for  some  (NtNkcpEntry)  in  CurrentNkcpst 
(N. Process  -  Process) 

A 

for  all  (DiOeviceAddress) 

In  N.Usab I  eReader st 

(D  R.Raddr) 

A 

~  GrantedAccess 
then  R.ClassesServedNextCycle 
else  R.ClassesServedCurrently 
end 


I 


f  for  some  (NiNkcpEntry)  in  CurrentNkcps: 

(N. Process  ■  Process) 

then  if  for  some  (OsDeviceAddress)  in  N.Usab I  eReaders 
(0  ■  R.Raddr) 

then  KernelCal ledCGrantAccess) 
if  GrantedAccess 

then  Kerne  I  Ca  I  led  tSendflessage  ( 

N. Process)) 

eise  Kerne  I Ca 1 1 ed (SendHessage  ( 
OpProcess)) 
if  R. State  •  Draining 
then  Kerne  I  Cal  led  [ 

Sendfless?'’*  { 

OpP  esa)] 
end 


end 

else  KernelCal  ledCSendf1essage(0pProces9) ) 
i f  R. State  ■  Oraining 

then  KernelCal led ISenddessage ( 
OpProcess)) 
end 


end 

else  KernelCal I  ad CSendMessage (AuthProcess) ) 

end 
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R02bj  10  Error  when  attempting  security  header  read 


given:  Raddr:  DeviceAddreas 

entry:  for  some  (R:ReaderEntry)  in  Readers: 

(R. Raddr  ■  Raddr 
A 

R. State  «<■  NotSpool  ing 

& 

(R.CyciePosi t ion  inset  (Secur i tyHeader, 

Secur i tyHeaderUa i tForReady) ) 

R.Channe IStatusUord.Uni  tCheck  ■  true) 

action:  R.CyciePosi t ion  <-  Secur i tyHeaderUa i tForReadu 

KernelCal  I  (SendflessageUnterventionRequiredtR.Rai.jr] , 

OpProcess) J 

exit:  N"R.CyclePosi tion  •  Secur i tyHeaderUa I tForReady 

Kerne  ICa 1 1  ed  tSendflessage (OpProcess)  1 
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R02cs  Reader  error  cleared  by  operator  (10  interrupt  signalling 
device  ready) 


given:  Raddr:  Dev i ceAddress 

entry:  for  some  (R:ReaderEntry)  in  Readers: 

(R. Raddr  »  Raddr 
& 

R. State  NotSpooling 
& 

R.CyclePosi tion  -  Secur i tyHeaderUai tForReady 
& 

R.ChannelStatusUord.Uni tCheck  -  false) 

action:  R.CyclePosi tion  <-  Secur i tyHeader 
R.LineQuf fer  <-  ni I 

KernelCal I  [Request  10 (R. Raddr)  for  input! 

exit:  N"R.CyclePosi tion  ■  Secur i tyHeader 

N''R.L i neBuf fer  ■  nil 

KernelCal led (RequestlOtR. Raddr)  for  input! 
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R03a:  AuthProcess  message  re  Nkcp  creation!  added 


givens  Raddrs  DeviceAddress 

entry:  for  some  (RtReaderEntry)  in  Readers: 

(R.Raddr  ■  Raddr) 

S 

for  some  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  -  R. AttachedProcess) 

error  on  ~(R. State  *<•  NotSpool  ing 
& 

R.CyclePosi tion  ■  AttachPending) 

action:  if  for  some  (D: DeviceAddress)  in  N.Usab I  eReaders: 

0  ■  R.Raddr 

then  /#  attach  process  */ 

kernelCal I [Gran tAccess (N. Process, R. Raddr) ] 
if  Ok 

then  R.CyclePosi tion  <- 

AttachedToSpool ingProcess 
kerne  I  Cal  I  [Sendflessage  ( 

SpoolDeviceAttached [R.Raddr] , 
N. Process) ) 

else  /ft  kernel  did  not  grant  access  ft/ 
kernelCal I [CsndMessage ( 

Physical lyPurgeDeck [R.Raddr] , 
OpProcess) ] 

kernelCal I  [Sendflessage ( 

Purgel f Abl e. 

N. Process) ] 

R« Initial izelnputSpoolCycle [R] 

end 

else  /ft  NkCP  exists  but  cannot  use  this  reader  ft/ 
kernelCal  I  (Sendflessage ( 

Physical lyPurgeDeck  [R.Raddr] , 
OpProcess) ] 

kernelCal  I  [Sendflessage ( 

Purgel fAble, 

N. Process) ] 

Relni t ial i zelnputSpoolCycle  tR] 
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exits  N"R.CyclePosl tlon  - 

if  for  some  (0:DeviceAddress) 

in  N.Usab I  eReader*: 

(D  ■  R.Raddr) 

A 

GrantedAccess 

then  AttachedToSpool IngProcess 
else  Avai table 

end 

NHR. State  - 

if  (for  all  (OsDeviceAddrese) 

in  N.Usab I  eReaders: 

(0  *»■  R.Raddr) 
or 

«  GrantedAccess) 

& 

R. State  ■  Draining 
then  Drained 
else  R. State 

end 

N"R.CIassesServedCurrently  ■ 

if  for  all  (Q:OeviceAddress) 

in  N.Usab I  eReaders: 

(D  R.Raddr) 
or 

~  GrantedAccess 

then  R.CIassesServedNextCycl e 

else  R.ClassesServedCurrently 

end 

N"R. AttachedProcess  ■ 

if  for  all  (DsDeviceAddress) 

in  N.Usab I  eReaders: 

(0  <«>■  R.Raddr) 
or 

<v  GrantedAccess 

then  URProcess 

else  R. AttachedProcess 

end 

KernelCal I ed  (Sendflessage  (N. Process) ) 

if  for  some  (OsDeviceAddress)  in  N.Usab I  eReaders: 

(D  •  R.Raddr) 

then  Kerne iCal I ed CGrantAccess) 
if  *»  GrantedAccess 

then  KernelCal  I  ed  [Sendflessage (OoProcess) ) 

end 

else  Kerne  I  Cal  I ed [Sendflessage (OpProcess) 3 
end 
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R03b:  AuthProeess  message  rs  Nkcp  creation:  cannot  add 


given:  Raddrt  OeviceAddrsss 

entrgt  for  some  (RiReaderEntry)  in  Readers: 

R.Raddr  ■  Raddr 

error  on  »(R. State  NotSpoolIng 
& 

R.CyclePosi t Ion  •  AttachPendlng) 

ac  t  i  ont  Kerne  I  Ca  I  I  [Sendtlessage  ( 

Physical lyPurgeOeck  [R.Raddr] , 

OpProcess) 3 

Relni tial i zelnputSpoolOevice tR3 

exit:  N"R. State  ■ 

i f  R. State  •  Draining 
then  Drained 
else  R. State 
end 

NMR.CyclePosl tion  ■  Available 

N"R.CIassesServedCurrently  ■  R.CIassesServedNextCycle 
N"R. At tachedProcese  ■  URProcess 

Kerne  I  Ca  I  led  [Sendtlessage  lupProcess)  3 
i f  R. State  -  Oraining 

then  Kerne  I  Cal  I ed tSendMeseage (OpProcess) 3 

end 
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R04:  Process  releases  reader  after  spociing 


givem  Raddr*  DeviceAddress 

Reques 1 1 ngProcess:  ProcessName 

entry*  for  some  (RjReaderEfltry)  in  Readers* 

R.Raddr  •  Raddr 

error  on  *(R. State  *>•  NotSpooling 
4 

R.CyclePosl t ion  -  AttachedtoSpool IngProcess 
4 

R. AttachedProcess  •  Request IngProcess) 

act  ion*  KernelCal I CReleaseQevicelR. AttachedProcess, R.Raddr)) 
if  OK 

then  Relni tial i zalnputSpoolDavicetR) 
else  KernelCal I  (Sendttessaget 

OeviceNotRelaased  CR. Raddr) , 

R. At tachedProcesa) J 
KernelCal led  ISendflEssage ( 

Oev l ceNo  tRe i eased  t 
R.Raddr, 

R. AttachedProcess] , 
QpProceas)} 


end 
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exit*  N"R. State  - 

if  OevicaRe leased 
4 

R. Stats  «  Draining 
then  Drained 
else  R. State 

end 

N''R.CyclsPosi  t  Ion  ■ 

I f  Oev I ceRe I  eased 
then  Aval  table 
else  R.CyclePosi tlon 
end 

N"R.  C I assesSarvedCurrant I y  » 

.t  DeviceReleased 

then  R.ClassesSarvedNaxtCycle 
else  R.C I assesSarvedCurrent I u 
end 

N"R. At tachedProcess  ■ 

if  OevicaRe I  eased 
then  URProcesa 
else  R. At tachedProcess 
end 

If sr ne  I  Ca  1 1  ed  (Re  I  easeOev  i  cal 

i  f  (**Oev  i  ceRe  I  eased) 
or 

R. State  ■  Draining 

then  Kernel Cal ledCSendHessage(OpProcess)] 

(fernelCal  led(SendHessage(R.AttachedProcessH 
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givens  Raddrs  DeviceAddress 

entrys  for  some  (RsReaderEntry)  in  Readers: 

R.Raddr  -  Raddr 

error  on  R. State  •  NotSpooling 

actions  If  R.CyclePosi tion  -  Available 
then  R. State  <-  Drained 

Kerne  I  Cal  I  (Sendllessaget 
DrainedCR. Raddr  1 , 

OpProcess)) 
else  R. State  «■-  Draining 

end 

exits  N"R. State  « 

if  R.CyclePosi tion  ■  Available 
then  Drained 
else  Graining 

end 

if  R.CyclePosi tion  »  Available 

then  Kerne  I  Cal  I  ed  (Sendflessage  (OpProcess)] 

end 
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0P15a: 


Start  (Re  der) 


given:  Raddr:  DeviceAddress 

NeuClasses:  set  of  Class 

entry:  for  some  (R:Reader£ntry)  in  Readers: 

R. Raddr  -  Raddr 

error  on  R. State  »  NotSpooling 

action:  if  Empty CNewC I  asses] 

then  if  Empty CCl assesServedCurrent ly) 
then  KernelCal  1  [Sendftessage ( 

flustProvidelni  tialClassLi  st  t 
R. Raddr] , 

OpProcess) ] 
else  R. State  <-  Started 

KernelCal I CSendflessage  ( 

Started CR. Raddr] , 

OpProcess) ] 

end 

else  R.C I assesServedNextCyc I e  <-  Net-Classes 
if  R.CyclePosi tion  ■  Available 

then  R. Cl assesServedCurrent I y  <- 
NeuClasses 
end 

R. State  <-  Started 
KernelCal i  tSendRessage( 

Started  [R. Raddr] , 

OpProcess) ] 
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exit:  N"R. State  - 

if  (-Empty INeuC lasses] ) 
or 

UEmp  ty  IR. C I assesServedCurr en 1 1 y] ) 
then  Started 
else  R. State 

end 

N"R.CIassesServedNextCycle  - 
if  -Empty [NeuClasses! 
then  NeuClasses 
else  R.C I assesServedNextCyc I e 

end 

N"R.CIassesServedCurrently  ■ 

if  (-Empty [NeuClasses! ) 

A 

R.CyclePosi t ion  ■  Available 
then  NeuClasses 
else  R.CIassesServedCurrently 
end 

Kerne  I Ca I  led  CSendMessage (OpProcese) 1 
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I 

I 

PRPU1: 


I 

I 

k 


Process  request  for  output  spooling  device  assignment 


givens  Process:  ProcessName 

RequestedC I  assess  set  of  Class 

entry:  true 

error  on  for  all  (NsNkcpEntry)  in  CurrentNkcps: 

(N. Process  Process) 
or 

Empty  (RequestedC I  asses) 

action:  if  ~  ShuttingOoun 

then  Pr i nterSpoo (Requests  <- 

Append  [Pr interSpoolPequests, Entry] 

end 

exits  N"Pr interSpoo  Requests  ■ 
i  f  *»  Shu  1 1  i  ngOoun 

then  Append  [Pr i n  t erSpoo I  Request  s , En  tr y) 
else  Pr interSpoolRequests 

end 


uhere 

Entry  ■■  <Proce33  -  Process, 

RequestedC I  asses  ■  RequestedC I  asses, 
At tachedOe\ ice  -  ??, 

State  -  Uai t ingForOevice> 
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PRPU2:  Printer  Assignment  (for  spooling) 


givens  DRs  OutputDeviceRequest  in  Pr ^interSpoo  I  Requests 
P:  PrinterEntry  inPrinters 

entry:  P.Stato  -  Started 
& 

P.CycloPosi tion  -  Available 
& 

DR. State  -  Uai t ingForOevice 
& 

C I assesMatch  (P. C lassasServedCurrent I y, 

OR. RequestedCl asses] 

actions  let  (NsNkcpEntry)  in  CurrentNkcpss 
(N. Process  »  DR. Process)  in 
if  for  some  (D: Dev i ceAddress)  in  N.Usab I ePr i nterss 
D  -  P.Raddr 

then  P.AttachedProcess  <-  DR. Process 
P.CyclePosi t ion  <-  Secur i tyHeader 
DR. AttachedOevice  <-  P.Raddr 
OR. State  <-  Processing 
KernelCal I (RequestlO(P.Raddr)  for  output] 

end 
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exit:  N"P. At tachedProcess  - 

if  for  some  (0: Devi ceAddress) 

in  N.UsablePr inters* 
0  ■  P.Raddr 
then  DR. Process 
else  P. At tachedProcess 
end 

N''P.CyclePosi  tion  ■ 

if  for  some  (QiOevi ceAddress) 

in  N.UsablePr inters: 
0  ■  P.Raddr 
then  Secur i tyHeader 
else  P.CyclePosi tion 
end 

N"OR.AttachedOevice  ■ 

if  for  some  (D:Dev i ceAddress) 

in  N.UsablePr inters: 
0  ■  P.Raddr 
then  P.Raddr 
else  OR.AttachedOevice 
end 

NMDR. State  - 

if  for  some  (DsOeviceAddress) 

in  N.UsablePr inters: 
0  ■  P.Raddr 
then  Processing 
el se  OR. State 

end 

KernelCal I  [Request iO (P.Raddr)  for  output) 
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PRPU3a: 
pr inter 


Interrupt  indicating  end  of  security  header  output  on 


given:  Raddrt  OeviceAddress 

entry:  for  some  (P:Pr interEntry)  in  Printers: 

(P.Raddr  •  Raddr 
& 

P. State  «*■  NotSpool  ing 
& 

P.CyclePosi t ion  -  Secur i tyHeader 
& 

P.ChannelStatusUord.Uni tCheck  ■  false) 

action:  Kerne  I  Cal  I  [Grant Access (P. At  tachedProcess, P.Raddr) ) 
if  OK 

then  P.CyclePosi t ion  <-  AttachedToSpool ingProcess 
KernelCal I [Sendflessage { 

Spool ingDeviceAttached [P.Raddr] , 

P. A  t  tachedProcess) ] 

if  P.Rel inqui shOeviceRequestState  •  ShouldSend 
then  P.Rel inquishOeviceRequestState  <-  Sent 
KernelCal  I  [Sendflessage ( 

Drain [P.Raddr] , 

P. AttachedProcess) ] 

end 

else  Ay  Kernel  did  not  grant  access  as  expected  */ 
KernelCal I [RequestIO(P. Raddr)  for  output] 
P.CyclePosi t ion  <-  Secur i tyTra i I er 
let  (OR:OutputOeviceEntry) 

in  Pr interSpoolRequests: 

(DR. State  ■  Processing 
& 

DR. AttachedOevice  ■  P.Raddr 
& 

P. At tachedProcess  ■  DR. Process)  in 
OR. State  <-  Uai t ingForOevice 

end 
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exit!  N"P.CyclePosi tion  » 

it  GrantedAcceas 

then  AttachedToSpool ingProcess 
e I se  Secur i tyTrai I er 

end 

fTP.Rel inquishOeviceRequestState  - 
i f  GrantedAccess 
£ 

P.Rel inquishOeviceRequestState  -  ShouldSend 
then  Sent  „ 

else  P.Rel inquishOeviceRequestState 
end 

KernelCal ledtGrantAccessl 

if  GrantedAccess  _  .  , , 

then  KernelCal led  (SendflessagetP. At tachedProcess)] 

if  P.Rel inqui shOeviceRequestState  ■  ShouldSend 
then  KernelCal I ed tSendMeseage l 

P.AttachedProcess) J 

else  KernelCal led tRequest 10 (P.Raddr)  for  output! 

end 
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PRPU3b:  Interrupt.  10  error  on  attempt  to  output  security  header 


gi  vem 
entry* 


act  ion* 


exit: 


Raddr:  Oev i ceAddr  ;ss 

tor  some  (P:Pr interEntry)  in  Printers: 

IP. Raddr  •  Raddr 
& 

P. State  **  NotSpool ing 

P.CyclePoei tion  inset  (Secur i tyHeader, 
j  Secur I tyHeaderWa i tForReady} 

P.ChannelStatusUord.Uni tCheck  •  true) 

P. Cyc I ePos it i on  <-  Secur i tyHeaderWa i tForReady 
KernelCat  I  CSendfleasage  (Intervent  i  onRequ  i  red  CP. Raddr) , 
uprro cess/J 

N"P. Cyc I ePoei t ion  -  Secur i tyHeaderUai tForReady 
If  erne  iCa  1 1  ed  (Sendtlessage  (OpProcess)  ] 
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PRPU3c:  Interrupt  indicating  OK  to  retry  security  header  output 

given!  Raddrs  DeviceAddress 

entry:  for  some  (P:Pr interEntry)  in  Printers: 

(P.Raddr  •  Raddr 
& 

P. State  *»-  NotSpooling 

P. Cyc I ePos i t i on  •  Secur i tyHeaderHa i tForReady 

P.ChannelStatusUord.Uni tCheck  -  false) 

action:  P.CyclePosi t ion  <-  Secur i tyHeader 

KernulCal I [Request  10 (P.Raddr)  for  output) 

exit:  N"P. Cyc I ePos i t i on  ■  Secur i tyHeader 

Kerne  I Ca I  I ed  (Request  10 (P.Raddr )  for  output) 
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PRPU4:  Process  message,  release  output  spooling  device 


given:  Ratldrs  DeviceAddress 
Process:  ProcessName 

entry:  true 

error  on  -(for  some  (P:Pr InterEntry)  in  Printers: 

(P.Raddr  -  Raddr 
& 

P. State  NotSpool  ina 
& 

P.CycisPosi tion  »  AttachedToSpoo) ingProcess 
P, A t tachedProcess  »  Process) 

O 

for  some  (OR: Ou tputOev i ceRepues t) 

in  Pr in terSpoo I Requests: 

(DR. Process  -  P.AttachedProcess 
& 

OR. State  -  Processing 
& 

OR.AttachedOevice  ■  P.Raddr)) 

action:  P.CycicPosi tion  <-  Secur i tuTrai ler 
P.AttachedProcess  <-  URProcoss 
Kerne  I Ca 1 1  [Request  10 (P. Raddr)  for  oulputJ 
Pr i nterSpoo (Requests  <-  RemovetPr interSpoolRequests.DR) 


exit: 


Cyc  I  ePos i  t  i on  »  Secur  i  tuTrai  I  er 
N  P.AttachedProcess  ■  URProcess 
N  Pr i n terSpoo I Reques ts  » 

Remove (Pr  in  terSpoo IRequests, DR) 

KernelCal led  [Reques tI0(P. Raddr)  for  output) 
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PRPUSa:  Interrupt  indicating  successful  completion  of  security 
trai ler  a 


given:  Raddr:  OeviceAddress 

entry:  for  some  (P:Pr InterEntry)  In  Printers: 

(P. Radar  ■  Raddr 
& 

P. State  ««■  NotSpooling 
& 

P.CyclePosi t ion  ■  Securi tyTrai ler 
& 

P.ChannelStatusUord.Unl tCheck  -  false) 

action:  if  P. State  »  Oraining 

then  P. State  <-  Drained 

end 

P.C I assesServedCurrent ly  <-  P.ClassesServedNextCycle 
P. Re  I inquishOeviceRequestState  <-  NoNeed 
P.CyclePosi t ion  <-  Available 

exit:  N"P. State  - 

if  P. State  ■  Draining 
then  Drained 
else  P. State 
end 

N"P. Cl  asses?  jrvedCurrentiy  -  P.C I assesSer vedNex tCyc  I  e 
N"P. Re  I inquishOeviceRequestState  -  NoNeed 
N"P.Cyc lcposi t ion  ■  Available 
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PRPU5br  Interrupt,  10  error  on  security  trailer  output 


given:  Raddr:  OeviceAddress 

entry:  for  some  (P:Pr InterEntry)  In  Printers: 

(P. Raddr  -  Raddr 
& 

P. State  —  NotSpooling 

5 

P.CyclePosi tion  Inset  ISecur i tyTrai ler, 

Secur i tyTra i I erUa i tForReady) 

6 

P.ChannelStatusUord.Uni tCheck  ■  true) 

action:  P.CyclePosi tion  <-  Secur  I  tyTrai lerUai tForReady 
Kerne  I  Cal  I  CSendMessage ( 

InterventionRequired CP. Raddr] , 

OpProcessU 

exit:  N"P.CyclePoei  tion  -  Secur I tyTrai lerUai tForReady 

Kerne  I Ca  I  led  CSendflessage  (OpProcess)  ] 
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PRPUScj  Interrupt,  OK  to  retry  security  tral 
given:  Raridr:  DevIceAddress 


ler  output 


P. State  **•  NotSpooIJng 

P.Cyc/ePoei tion  -  Secur i tyTrai lerUai tForReady 

P.ChannelStat usWord.Uni tCheck  «  false) 

action:  P.CyclePoei t ion  <-  Secur I tuTrai ler 

kernel  Cal  I  'Request 10 (P.Raodr)  '•>?  output] 

«xit.  N  P.CyclePoei t Ion  •  Secur i tyTrai ler 

KernelCal led (Request 10 (P.fladdr)  for  output] 
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rrt-s0S2/m/00 


OPIAbct  Ora  In  (Printer,  Punch) 


y  vent  Haddn  UeviceAddress 

'°r  P?SLar’!Ufl^VlC,E,"rU'  OutputCic, 

error  on  P.State  -  NotSpooling 

actiom  If  P.CyclePosi t ion  -  Available 
then  P.State  <-  Drained 

Kerne  I  Cal  I  (Sendllessage  ( 

Drained  (P.Raddr) , 
i  . .  _  _  OpProcess)] 

,f  P-CyelePosition  -  AttachedToSpoolingProcess 
then  if  P.flel inqui shDeviceRequestState 
«*■  Sent 

then  P.flel inqui shDeviceRequestState 
<-  Sent 

KernelCal I (Senddessage  l 
OraintP.Raddr) , 
P.AttachedProcess)) 

ffnd 

else  P.flel inqui shDeviceRequestState 
<•  ShouldSend 

end 

P.State  <-  Draining 
end  v 


81 


9  Decenber  197/ 
Unit  Record  Process 


System  Development  Corporation 
TH-6862/111/00 


exit:  N"P. State  - 

if  P.CyclePoai ticn  ■  Available 
then  Drained 
el ss  Draining 

end 

N"P.Rel i nqu i shOev i ceRequestS tate  - 
if  P.CyclePoai tion  ■ 

At tachedToSpool ingProcess 
then  Sent 

else  if  P.CyclePosi tion  ■  Available 

then  P.Rei inqut shOevi ceRequestState 
else  Shout dSend 
end 

end 

if  P.CyclePosi tion  -  Available 

then  KernelCal  I  ed  (Sendflessage  (OpProcess)  ] 

end 

if  P.CyclePosi t ion  ■  At tachedToSpool ingProcess 
& 

P.Re1'  '’•lishOeviceRequestState  Sent 

the  ‘Cal  I  ed  CSendflessage (P.  At  tachedProcess)  ] 
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Tfl-6062/1 11/00 


0P15bcj  Start  (Printer,  Punch) 


givens  Raddr:  DeviceAddress 

NeuClasses:  set  of  Class 

entry:  for  some  (PsOutputOev i ceEntry)  in  OutputDev i cess 
P. Raddr  -  Raddr 

error  on  P. State  «  NotSpooling 

action:  if  Empty CNewC I  asses! 

& 

Empty  [P.CIassesServedCurrent ly] 
then  Kerne  ICal  I  [Sendflessage  ( 

Hus  tProv i de 1 n i t i a  I C I asaL i s  t CP . Raddr! , 
OpProcess) J 
else  P. State  <-  Started 

Kerne  I  Cal  I  [Sendflessage  ( 

S  tar  ted  CP. Raddr! , 

OpProcess) J 
if  --Empty CNewClassss! 

then  P.CIassesServedNextCycle 
<-  NeuClasses 

if  P.CyclePosi tion  »  Available 
then  P.CIassesServedCurrent ly 
<-  NeuClasses 
else  SendRequest 0 
end 

end 

end 

macro  SendRequest [!  - 

if  P.CyclePosi t ion  -  A t tachedToSpoo I i ngProcess 
then  if  P.Rel inquishOeviceRequestState  Sent 

then  P.Rel inquishOeviceRequestState  <-  Sant 
KernelCal  I  [Sendflessage  ( 

Ora  in  CP. Raddr! , 
P.AttachedProcess) J 

end 

else  P.Rel inquishOeviceRequestState  <-  ShouldSend 

end 
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exit:  N"P. State  - 

if  {-Empty  (NeuC lasses] ) 
or 

(-Empty  tP.CIassesServedCurrent ly] ) 
then  Started 
else  P. State 

end 

N"P. C I assesServedNextCyc I e  ■ 
if  -Empty [NeuC I  asses] 
then  NeuC I  asses 
else  P. C I assesServedNextCyc I e 
end 

N"P. C I assesServedCurrent ly  ■ 

if  P.CyclePosi t ion  -  Available 
& 

-Empty  tNeuClassesl 

then  NeuC I  asses 

else  P.C I assesServedCurrent I y 

end 

N"P. Re  I inqu i  ihOevi ceReques tState  ■ 
if  -Empty [NeuClassesl 

then  if  P.CyclePosi t ion  - 

AttachedToSpoo I ingProcess 
then  Sen* 

else  if  P.CyclePosi t i on  - 
Ava  'liable 

then 

P. Re  I i nqu i shOev i ceReques  tS  ta  te 
else  ShouldSend 
end 

end 

else  P.Rel  inqui shDev i ceRectuestState 

end 

Kerne  I Ca I  led  (Sendflessage (OpProcess) ] 
if  (-Empty CNeuC I  asses] ) 

& 

P.CyclePosi tion  ■  AttachedToSpool ingProcess 
& 

P. Re  I i nqui shOev i ceReques tState  —  Sent 

then  KernelCal  I  ed  (Sendtlessage  (P.  A  t  tachedProcess)  1 

end 
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OP0: 


n i see  I  I aneous  commands 

commands: 

QUERY-UR 
QUERY-ALL 
QUERY-RAOOR 
QUERY- TAPES 

entry:  true 

exit:  Kerne  I  Cal  led  tSendflessage  (OpProcess)  J 
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OPls 


Single  message  sent 
No  maps 

Single  resoonse  expected 

No  device  state  information  modifications 

commands: 

QUERY«-READER*-SPOOL  I D 
QUERY-PR INTER-SPOOL  ID 
QUER  Y«-PUNCH«*SPOOL  1 D 
CHANGE  *-S  YS  TEH*-SP00L  1 D 

entry:  true 

exit:  N"Pend ingRequests  ■  Append  (PendingRequests, 

cflsgld  -  new  (Message! dl , 

Kind  ■  OpRequest, 

Command  -  Command, 

Responses  ■  ( 

Respondent  -  Dest inat ion (Command! , 
Text  ■nil, 

State  ■  NoResponae>l >1 

Kerne  I Ca I  led  (Sendflessage (Dest  i nat  i  on  (Command! ) ! 
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Unit  Record  Process 


System  Development  Corporation 
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0P2:  Multiple  messages  sent 

No  map  9 

Responses  expected 

No  device  state  information  modifications 


commands: 

ouery-files-all 

QUERY-REAOER-ALL 

QUERY-PRINTER-ALL 

QUERY-PUNCH-ALL 

QUERY-HOLD 

CHANGE-SYSTEM-CLASS-ALL 
entry:  true 

exit:  N"PendingReque3ts  ■  Append  (Pendi ngRequests, 

<Msgld  -  neu  IMessagel dJ , 

Kind  »  OpRequest, 

Command  ■  Command, 

Responses  -  (for  all  (N: Pr ocessName) 

in  CurrentNkcps: 

^Respondent  -  N, 

Text  ■  nil. 

State  ■  NoResponse>) >] 

for  a  I  I  (N:ProcessName)  in  CurrentNkcps: 

Kerne  I Ca I  led [SendMessage (N)  1 
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0P3:  Single  message  sent 

Mappings  User  id  ->  Nkcp  Id 

Single  response  expected 

No  device  state  information  modifications 

commands: 

QUERY-F  I LES-USER I D 

QUERY-READER-USERID 

QUERY-PR INTER-USER ID 

QUERY-PUNCH-USERID 

CHANGE -USERID 

FREE 

HOLD 

ORDER-USERID 

PURGE-USERID 

entry:  true 

exit:  N"PendingRequests  ■  Append (Pend ingflequests, 

<MsgId  ■  new {Message  I d) , 

Kind  -  MapUserld, 

Command  •  Command, 

Responses  -  I 

Respondent  •  AuthProcess, 
Text  ■nil, 

State  -  NoResponse>i  >] 
Kerne  I Ca 1 1 ed (SendMessage (AuthProcess)  I 


3  December  1377 
Unit  Record  Process 


System  Development  Corporation 
Ttt-6062/1 11/00 


OPAabi  commands} 

BACKSPAC 

FLUSH 

REPEAT 


given!  Raddr:  Dev i eeAddress 

entry?  for  some  (PsOutputOeviceEntry)  In  OutputOevices: 
P. Raddr  -  Raddr 


error 


on  ~(P .State  «*•  NotSpooling 

P.CyclePosi t ion  -  AttachedToSpool ingProcess) 


exit:  N"Pend i ngReques  t  s  -  Append  [Pend ingRequests, 

<nsgld  ■  neu  tileasagel d] , 

Kind  •  OpRequest, 

Command  ■  Command, 

Responses  *  I 

Respondent  -  P. At tachedProcess, 
Text  -nil, 

State  -  NoResponse>) >] 


Kerne (Called  CSendflessage (P. A  t  tachedProcess) ] 


I 
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OPS:  command: 

SPACE 

given:  Raddr:  Dev i ceAddress 

entry:  for  some  (P:Pr interEntry)  in  Printers: 

P. Raddr  ■  Raddr 

error  on  **(P. State  NotSpooling 
& 

P-CyclePosi tion  ■  AttachedToSpool ingProcess) 

exit:  N"PcndingRequests  •  Append (PendingRequests, 

<Msgld  -  new  (Message Id] , 

Kind  -  OpRequest, 

Command  -  SPACE, 

Responses  -  ( 

Respondent  ■  P. AttachedProcess, 
Text  -nil, 

State  -  NoResponse>l >1 

Kerne  I  Cal  led  (Sendflessage  (P.  AttachedProcess)  ] 
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0PSs  commands: 

ORDER-SYSTEM 

PURGE-SYSTEM 

given:  Nkcpsi  set  of  ProcessName 
entry:  true 

exit:  N"Pend i ngRequests  -  Append  (Pend i ngRequests, . 

<MsgId  -  new  (MessageldJ  , 

Kind  -  OpRequeat, 

Command  ■  Command, 

Responses  »  (for  all  (Nt ProcessName)  in  Nkcps 
<Respondent  ■  N, 

Text  ■  nil, 

State  ■  NoResponse>i >] 

for  ail  (N: ProcessName)  in  Nkcpsi 
kerne  I Ca I  led (SendMesaage (N) ] 
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0P7abci  LOCATE  of  Reader,  Printer,  Punch 


givens  Raddrs  OeviceAddress 

entrys  for  some  (DsDeviceEntry)  in  Devicess 
D.Raddr  ■  Raddr 

error  on  D.CyclePosi  t  ion  «*inset  (AttachedToSpool  ingProcess, 

At  tachedToUserl 

exit:  N"PendingRequests  ■  Append CPendingRequests, 

<MsgId  -  new [Message! dl , 

Kind  ■  OpRequest, 

Command  •  LOCATE, 

Responses  ■  ( 

Respondent  •  D. At tachedProcess, 
Text  -nil, 

State  »  NoResponse>) >1 

Kerne  I  Cal  I  ed  [Sendflessage  (□.  At  tachedProcess)  ] 
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Unit  Record  Process 


System  Development  Corporation 
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0P7dt  LOCATE  of  Tape  Orive 


given:  Raddr:  DeviceAddress 

entry:  for  some  (TtTapeOr iveEntry)  in  TapeDrives: 

T . Raddr  ■  Raddr 

error  on  T. State  '*•  At tachedToUser 

exit:  N"PendingRequests  ■  Append  [Pend i ngRequests, 

<Msgld  -  new (Message! d) , 

Kind  ■  OpRequest, 

Command  -  LOCATE, 

Responses  ■  I 

Respondent  ■  T.AttachedProcess, 
Text  -  nil. 

State  -  NoResponse>) >] 

Kerne  I Ca 1 1 ed  ISendMessage (T.AttachedProcess) ] 
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0P8* 


command: 

SHUTOOUN 


entry:  true 


act  ion: 


ShuttingOoun  <-  true 

for  al I  !OR:OutputOeviceRequest) 

in  Pr InterSpoolRequests* 
if  DR. State  ■  Uai tingForDeviee 

then  Pr interSpoolRequests  <-  Remove! 

Pr interSpoolRequests, DR] 
end 

for  al I' (ORsOutputOeviceRequest) 

in  PunchSpoo IRequests* 
if  DR. State  ■  Uai tingForDeviee 

then  PunchSpoo I Requests  <-  Remove! 

PunchSpoo I  Request  s , OR] 


end 


exit:  N"SHut t ingOown  •  true 


for  all  (DRsOutputDeviceEntry)  in  Pr interSpoolRequests* 
N"DR. State  —  Uai tingForDeviee 
for  all  (DR.-OutputDeviceEntry)  in  PunchSpoolRequests: 
N"0R. State  Uai tingForDeviee 


9  December  1977 
Unit  Record  Process 


System  Development  Corporation 
TM-60G2/1 11/00 


OPS abet  Vary  offline  (Reader,  Printer,  Punch) 


givent  fladcirt  OeviceAddress 

entry:  f0r  some  (OsOeviceEntry)  in  Devices: 
0. Raddr  ■  Raddr 


error  on  D.CyclePosI t ion  -inset  (Available, Of fline) 

action:  O.CiiclePosi  tion  <-  OffLine 
D. State  <-  NotSpooling 
kernel  Cal  I  (Sendflessage ( 

Offline (0. Raddr] , 

OpProcess) ] 


6X1 1!  M«R*iyclePo*ition  ■  Offline 
N  0. State  •  NotSpooling 

<er  ne  I  Ca  II  ed  ISendflessage  (OpProcess) : 
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0P9d:  Vary  offline  (Tape  Drive) 

g i vent  Raddr:  DeviceAddress 

entry:  for  some  (T: TapeOr I veEntry)  In  TapeOrlvea: 
T. Raddr  -  Raddr 

error  on  T.State  *lnset  (Aval lable.Of fLIne) 

action:  T.State  <-  Offline 

Kerne  I Ca I  !  (Sendflessage ( 

Of (Line  IT. Raddr], 

OpProcesa)] 

exit:  NMT. State  -  Offline 

Kerne  I  Cal  I  ed  (Sendflessage  (QpProceas)'J 


9  Docemb er  1977  System  Development  Corporation 

Unit  Record  Process  Tfl— 6062/1 11/80 


QPIBa:  Vary  online  (Reader) 


given:  Raddr:  DeviceAddress 

entry:  tor  some  (RiReaderEntry)  In  Readers: 

R. Raddr  •  Raddr 

error  on  ^(R. State  •  NotSpooling 
S 

R.CyclePosi t ion  ■  OffLIne) 

action:  R. State  <-  Drained 

R.CycloPoei t ion  <-  Available 

R.C I assesServedCurrent ly  <-  R.CIassesServedNextCycle 

R.AttachedProcess  <-  URProcess 

Kerne  I  Cal  I  £Sendf1essage(0nLlnetR.Raddr]  .OpProcess)] 

exit:  N"R. State  •  Drained 

N"R.CyclePoei t ion  •  Available 

NMR. Cl assesServedCurrent I y  »  R.CIassesServedNextCycle 
N"R. At tachedProcess  •  URProcess 

Kerne  I  Ca  II  ed  ISendflessage  (OpProcess)  1 
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OP10bc:  Vary  online  (Output  Oevice) 


give.!  Raddr*  DeviceAddress 

entry:  for  some  (0:0utput0evlcaEntry)  in  OutputDevices: 

0. Raddr  -  Raddr 

error  on  ~(0^3tate  -  NotSpooling 

O.CyclePoai tion  -  OffLIne) 

action:  0. State  <-  Drained 

O.CyclePoei tion  <-  Avaiiabie 

0. C I assesSer  vedCurrent I u  <-  D.ClaaaeaSet vedNextCycle 

0. A t tachedProcssa  <-  URProcess 

D.Rel inqui shDeviceRequeatState  <-  NoNeed 

Kerne  I Ca !  I  tSendflessage  (OnL  ine  [□. Raddr]  , OpProceae)  1 

exit:  N"D. State  ■  Orained 

N”D.CyclePoai t ion  ■  Available 

N"D.ClaasesServedCurrentiy  -  O.CIaasesServedNextCycle 

N"D. At tachedProceas  ■  URProcess 

N"D.Rel inquishOeviceRequestState  ■  NoNeed 

Kerne  I  Ca  I  led  ISendflesaage  (OpProcese)  ] 
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OP10d?  Vary  online  (Tape  Drive) 


givent  Raddr:  DeviceAddrees 

entryi  for  come  (T: TapeOr i veEntry)  in  TapeDrives! 
(T. Raddr  •  Raddr) 

orror  on  ~(T, State  ■  OffLine) 

action!  T. State  <-  Available 

T. At tachedProcess  <-  URProcess 
Kerne  I  Cal  I  CSendflessage  ( 

Online  tT. Raddr) , 

OpProcess) 1 

exit:  N"T. State  »  Available 

N"T. At tachedProcess  •  URProcess 

Ker ne  I Ca 1 1  ed  (Sendflessage  (OpProcess )  ] 


9  December  1977  System  Development  Corporation 

Unit  Record  Process  171-6062/111/08 


AUTH3abci  Attach  device  to  process  (request  from  ALthProcass) 
(Reader,  Printer,  Punch) 


given:  Raddr:  OeviceAddress 
Process:  ProcessName 

entry:  for  some  <0:0eviceEntryJ  in  Devices: 

0. Raddr  *  Raddr 

error  on  for  all  (N:NkcpEnt,'y)  In  CurrentNkcpS: 

N. Process  <■■  Process 

action:  if  0. State  -  Drained 
& 

D.CyclePosi tion  ■Available 

then  let  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  ■  Process)  In 
KernelCal I (GrantAccesafD. Raddr. N  Process)] 
if  OK 

then  0. State  <-  NotSpooling 

Q.CyclaPosi tion  <-  AttachedToUeer 
O.At tachedProcess  <-  N. Process 
Kerne  I Cal  I (Sendflessagn  ( 

A 1 1 ached  CD. Raddr , 

N. Process] , 

AuthProcess) ) 

else  /*  Kernel  did  not  allow  the  access  »>/ 
Kerne  I  Cal  I  tSendrtessage( 

AttachFai led (D. Raddr, N. Process] , 
AuthProcess)] 
end 

else  /*  device  not  available  at  this  time  */ 

Kerne  1 Cal  I  (SendMessage ( 

DeviceNotAvai I  able  CD. Raddr] , 
AuthProcses)] 

end 
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exit:  N"0. State  - 

i  f  0. State  Drained 
4 

D.CyclePusi tlon  -  Available 
& 

GrantedAccess 
than  NotSpool ing 
else  0. State 
end 

NMD.CyciePosltien  ■ 

i  f  D. State  •  Ora  I  ne<J 
4 

D.CyclePosi t ion  >  Available 
& 

GrantedAccess 
then  AttachedToUser 
also  O.Cyc'ePosition 
end 

N"D. At tachedProcess  ■ 

i  f  D. State  *  Drained 
4 

D.CyclePosi t ion  ■  Available 
4 

GrantedAccess 
then  N. Process 
else  D.AttachedProcess 
end 


i f  D. State  ■  Drained 
& 

D.Cyc I ePosi t ion  ■  Available 

then  KernelCal I  ad CGrantAccess (D.Raedr ) ] 

and 

Kerne  I Ca 1 1  ad  (SendMeasage (AuthProcess) 3 
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AUTH3d: 


Attach  tape  drive  (request  from  AuthProcess) 


givem  Raddr s  OevIceAddress 
Processi  ProcessName 
ReqAccesst  Accessflodes 

entryt  for  some  (TiTapeDr IveEntry)  In  TapeOrivest 
T.Raddr  ■  Raddr 

error  on  for  alt  (NtNkcpEntry)  in  CurrentNkcpst 
N. Process  Process 

actiom  let  <N:NkcpEntry)  in  CurrentNkcpst 
(N. Process  ■  Process)  In 
if  T. State  -  Available 

then  KernelCal I  (GrantAccesst 
T.Raddr, 

N. Process, 

ReqAccess) 3 

if  OK 

then  T. State  <-  AttachedToUser 

T.AttachedProcess  <-  N. Process 
KernelCal  I  tSendllessage ( 

Attached tT.Raddr 3 , 
AuthProcess)] 

else  KernelCal I tSendtlessage ( 

NotOK  [T.Raddr] , 
AuthProcess)] 
end 

else  KernelCal I tSendllessage  l 

Or i veNo  t A va II ab I e IT . Raddr ] , 
AuthProcess)] 

end 
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exiti  N"T. State  ■ 

if  T . S tate  ■  Avai (able 
4 

GrantedAcceae 
then  At tachedToU3er 
else  T. State 
end 

N"T.AttachcdProceas  • 

i f  T. State  -  Avai (able 
& 

GrantedAcceas 
then  N. Process 
else  T.AttachedProcees 
end 

Kerne ICa 1 1  ed  tSenddessage (AuthProcess) ] 
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OPllabc:  Attach  device  to  process  (request  from  operator) 

(Reader,  Printer,  Punch) 


givcnt  Raddri  OevIceAddress 
Process:  ProcessName 

entry:  for  some  (D:Oev!ceEntry)  In  Devices: 

D.Raddr  ■  Raddr 

error  on  for  all  (N:NkcpEntry)  In  CurrentNkcps: 

N. Process  Process 

action:  let  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  -  Process) 
i f  0. State  ™  Drained 
& 

D.CyclePosI tion  »  Available 
then  If  for  some  (A:DeviceAddress) 
in  union  of  (N.Usab I  eReaders, 

N.UsablePr inters, 

N.Usab I ePunches) : 

(A  ■  0. Raddr) 

than  KarnelCal I  (GrantAccess ( 

D.Raddr, 

N. Process) ] 

if  OK 

then  D. State  <-  NotSpoolIng 
D.CyclePoai tion 

<-  AttachedToUsar 
D. At  tachedProcess 

<-  N. Process 
Kerne  I  Cal  I (SendMasaage  ( 
Attached ( 

D.Raddr, 

N.  Process) , 
OpProcess) ) 

Kerne  I  Cal  I tSendMessage ( 
Attached  [D.Raddr] , 

N. Process) ] 

else  Kerne  I  Cal  I  CSendflessage  ( 
AttachFai led( 

O.  Raddr, 

N. Process] , 
OpProcess) J 

end 

else  Kerne  1C* I  I  CSendflessage < 
OevIceNotUsablet 
O-Raddr, 

N. Process] , 

OpProcess)] 

end 
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else  Kerne  I  Cal  I  (Sendlleaaage ( 

OeviceNotAval I  able  tD.Raddrl , 
OpProceaa)] 
end 

ok  l  ti  NT).  State  • 

I f  0. State  ■  Drained 
4 

D.CyclePoei tlon  ■  Available 
A 

GrentedAcceee 
then  NotSpoolIng 
else  0. State 

and 

NMO.CyclePosl t ion  • 

1 t  0. State  •  Drained 
4 

D.CyclePoei tlon  •  Avai.jble 
4 

GrantedAcceas 
then  AttachedToUser 
else  D.CyclePoal tlon 

end 

N"0. At tachedProcesa  » 

i f  0. State  -  Orained 
4 

D.CyclePoei tlon  »  Available 
4 

GrantedAcceas 

then  N. Process 

else  0. AttachedProcese 

end 

Kerne (Called  CSendMessage (OpProcess)  1 
i f  D. State  »  Drained 
4 

O.CyclePosI t ion  ■  Available 
t ten  KernelCal I ed (GrantAccessl 
if  GrantedAcceas 

then  KernelCal  led CSendfleseage (N. Process)  1 

end 

end 
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0P12abct  Datech  dedicated  devlca  from  uaar  (raquaat  from 
operator)  (Reader,  Printer,  Punch) 


g I  vent  Raddrt  DeviceAddresa 
Proceeei  ProceeeName 

entry:  for  some  (DtCeviceEntry)  In  Devices: 

(O.Raddr  -  Raddr) 

error  on  ~(D. State  •  NotSpoollng 

5 

D.CyclePoel t Ion  -  AttachedToUaer 

6 

D.AttachedProceaa  •  Procees) 

action:  D.CyclePoel t ion  <~  OataehPanding 
Kerne  I  Cal  I  (Sendt1essage( 

Re  I inqelshOevlealO.Raddr] , 

0. A  t  tachedPr ocess) ] 

ox  it:  N"O.CyclePosi t ion  ■  DetachPendl ng 

N"Pend I ngRequests  ■  Append IPend I ngRequests, 

<f1sg I  d  -  new [Message  I di , 

Kind  ■  Rel I nqu I shue vice, 

Command  •  ??, 

Reeponses  *  < 

Respondent  -  D. AttachedProcess, 
Text  •nil, 

State  -  NoResponee>i >1 
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« 


NKCP2a be*  Oetech 

attached  proceed 


dedicated  device  from 
(Reader,  Printer,  Punch) 


user 


(reduce t 


from 


O' van*  Kaddn  Dev iceAddrees 
Proceed  ProceeeNeme 

entry*  for  some  (0»0evlce£ntry)  In  Devices* 
(O.Raddr  -  fladdr) 

orror  on  -(O.Stcte  -  NotSpoolIng 

O.CyclePosi t ion  •  AttachedToUeer 
0. A t tachedProcesa  •  Proceee) 

action*  Kerne ICa! !  (ReleaeeOevicsl 
O.Raddr, 

0  O.AttachedProceoe)) 

then  D. State  <«  Drained 

O.CycisPosi t ion  <-  Available 
O.Attachocfrocess  <-  URProceee 
Kerne  l  Ca  1 1  [Sen dries  sage  ( 

Detached (O.Raddr) , 

D.At tachedProcesa) ) 

Kerne  I Cal  I  (Serdttessags { 

Oetached  (O.Riiddr), 
OpProcess)) 

else  Kerne  I Ca 1 1  (SendMesaage ( 

Oev i ceNo  tRe I easab I e (O.Raddr) 
■  0. At tachedProcesa) J 

Kerne  I Cal  I  (Sendhessagef 

Oev i ceNo tRe I easab I e I 
O.Raddr, 

O.AttachedProceeel , 
OpProcess)) 

end 
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exit:  N"D. State  ■ 

i f  OaviceReleased 
then  Drained 
ei se  0. State 

t  •i 

N"D.Cyc  ePoai t ion  • 

if  DeviceRe I  eased 
then  Avai table 
el se  D.CyclePosi t ion 
end 

N"D. At tachedProcess  ■ 
i f  Oev i ceRe I  eased 
then  URProcess 
else  0. At tachedProcess 
end 

KernelCal led  IReleaseOeviceJ 

KernelCal  led  CSendflessage  (D.  At  tachedProcess)  ] 

KernelCal  led ISendflessage (OpProcess) ] 
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0P12d:  Detach  dedicated  device  from  user  (request  from  operator) 
(Tape  Drive) 


given:  Raddr:  DeviceAddress 
Process:  ProcessName 

entry:  for  some  (TsTapeDriveEntry)  in  TapeDrives: 

(T. Raddr  ■  Raddr) 

error  on  ~(T. State  -  Attached 

T. At tachedProces3  ■  Process) 

action:  T. State  <-  OetachPending 
KernelCal I (Sendllessage  ( 

Re  I inqui shDevice  IT. Raddr] , 

T. A t tachedProceas) ) 

exit:  N”T. State  »  OetachPending 

N"PendingRequasts  ■  Append (Pend ingflequests, 
<hsgld  -  new  (he s sags Id) , 

Kind  ■  Re  I inqui shDevice, 

Command  -  ??, 

Responses  *■  f 

Respondent  »  T.AttachedProcess, 
Text  •  ni I , 

State  -  NoResponse>) >) 

K  er ne I Ca I  I ed  (Senddessage ( T . A 1 1 achedPr ocess ) ) 


109 


9  December  1977 
Unit  Record  Process 


System  Development  Corporation 

m-ses2/i  11/00 


NKCP2d:  Detach  dedicated  device  from  user  (request  from  attached 
process)  (Tape  Drive) 


given:  Raddr:  DeviceAddress 
Process:  ProcessName 

entry:  for  some  (T:TapeOr iveEntry)  in  TapeDrives: 

(T. Raddr  ■  Raddr) 

error  on  ~(T, State  -  Attached 
& 

T. AttachedProcess  ■  Process) 

action:  Kerne  I  Cal i (ReleaseDevicet 
T. Raddr, 

T. At  tachedProcess) ] 

if  OK 

then  T. State  <-  Available 

T. AttachedProcess  <-  URProceas 
Kerne ICai I (Sendheesage ( 

Detached  IT. Raddr] , 

T. At  tachedProcess) ] 

KernelCal  I  (Sendilessaget 

Detached(T. Raddr] , 

OpProcess) ] 

else  KernelCal  I  CSendflessage  ( 

DeviceNotReleasable(T.Raddr] , 
T. At tachedProcess)] 

KernelCal  I  (Sendrieseagel 

Dev i ceNo  tRe I easab I e 
T. Raddr, 

T. AttachedProcess] , 
OpProcess)) 

and 

exit:  N"T. State  ■ 

if  OeviceReleased 
then  Avai table 
else  T. State 
end 

N"T. At tachedProcess  - 

i f  OeviceReleased 
then  URProcess 
else  T. At tachedProcess 
end 

KernelCal led  (Re  I easeOev i ce] 

Kerne  I Ca I  led  (Senddessage (T, A  t  tachedProcess) ) 
KernelCal  I edISendflessage (OpProcess)] 
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t 

v 


NKCPlabc:  Process  message, 
(Reader,  Printer,  Punch) 


relinquishing  device  as  requested 


N 


given:  Raddr:  DeviceAddrees 
Process:  ProcessName 


entry:  f 0r  some  (DjDeviceEntry)  In  Devices: 
O.Raddr  *  Raddr 


error  on  *.<0. State  -  NotSpooling 
& 

D.CyclePosition  .  OetachPending 
0, A t tachedProcess  ■  Process) 


action:  kernel Cal  I tRe I easeOevicelD, Raddr, D. At tachedProcess)) 


end 


then  Kerne  I Cal  I (Sendttessaget 

Oetached CO. Raddr] , 

OpProcess) ] 

KernelCal  I  (Sendflessaget 

Detached ID. Raddr] , 

0. A  t  tachedProcess) 1 
0. State  <-  Orained 
D.CyclePosition  <-  Available 
0. At tachedProcess  <-  URProcess 
else  KernelCal  I  tSendflessaget 

Dev i ceNo tRe I easab I e  tD. Raddr] 
D. At tachedProcess)] 

KernelCal  I  ISendflessagel 

Dev  I ceNo  tRe I easab I e  t 
O.Raddr, 

0, At tachedProcess! , 
OpProcess)] 


f 
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exitt  NMD. State  - 

I f  OeviceReleased 
then  Drained 
else  0. State 
end 

N"0,Cyc lePosi t ion  ■ 

if  OeviceReleased 
then  Aval  table 
else  D.Cyc lePosi tion 
end 

N"0. At tachedProcess  • 

i f  Dev i ceRe I  eased 
then  URProcess 
else  O.AttachedProeess 
end 

Kerne  I  Cal  led CRe I easeOevicel 

Kerne  I  Ca  1 1  ed  [Sendtlessage  (D. At  tachedProcess)  ] 

KernelCal ted  (SendMessage (OpProcess)] 
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CPI  3*  loadbuf 

givent  Raddrt  OeviceAddrese 

ent-yj  for  some  (HjprinterEntry)  tn  Printers 
»  • n^uor  •  Raddr 

error  on  -IP. State  -  Orained 
& 

P.CyclePosi tion  -  Available) 


exit*  true 
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NKCPld!  Process  message,  relinquishing  device  as  requested  (Tape 
Drive) 


giveni  Raddrs  DeviceAddress 
Process!  ProceeeName 

cntryi-  for  some  (TtTapeDr IveEntry)  In  TapeOrlvesi 
T.Raddr  -  Raddr 


error  on  * 


(T. State  *  DetachPendi ng 
4 

T.AttbchsdProcsss  ■  Process) 


act  iom 


KernelCal I  (Re I easeDev ice (T.Raddr, Process)) 
if  OK 


end 


then  KernelCal  I  [Sendflessage ( 

Detached  [T.Raddr) , 

OpProcess) 3 

KernelCal  I  (Sendflessage ( 

Detached  (T.Raddr) , 

T. A  t  tachedProoesi) ) 

T. State  <-  Avai (able 
T. AttachedProcess  <-  URProces* 
else  KernelCal  I  (Sendflessage ( 

Dev iceNotRe leasable  (T.Raddr] , 
T. A  t  tachedProcess) ) 

KernelCal  I  (Sendflessage! 

Dev iceNotRe leasable  ( 

T.Raddr, 

T.  At tachedProcess) , 
OpProcess)) 


ex. i  t;  N"T. State  - 

if  OeviceReleased 
then  Avai I  able 
else  T.State 

end 

N"T. At tachedProcess  ■ 

if  OeviceReleased 
then  URProcess 
else  T. At tachedProcess 

end 

KernelCal led(ReleaseOevice) 

Kerne  I  Ca  I  led  (Sendflessage  (T.  A  t  tachedProcess) ) 
Kerne ICa 1 1 ed (Sendflessage (OpProcess) ) 
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OPlld: 


Attach  tape  drive  (request  from  operator) 


givent  Raddrt  DeviceAddress 
ReqAccess:  AccessModes 
TapeSecLevel i  ProcessName 
Process:  ProcessName 

entry:  for  some  (T:TapeOr i veEntry)  In  TapeDrlves: 

T.Raddr  ■  Raddr 

error  on  for  a  I  I  (N:NkcpEntry)  In  CurrentNkcps: 

N.Proceos  «*■  Process 

ection:  let  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  -  Process)  In 

if  for  some  (0: DeviceAddress)  in  N.UsableTapaDr i ves: 

0  ■  T.Raddr 

then  if  T. State  ■  Available 

then  kerne  I  Cal  I  (ChsckSecLevel  ( 

TapeSecLevel , 

ReqAccess, 

T.Raddr, 

N. Process)) 

i  f  OK 

then  KernelCal I [GrantAccsss ( 

T.Raddr, 

N. Process, 

ReqAccess)) 

if  OK 

then  KernelCal I (SendMessage ( 
Attached [T.Raddr) , 

N. Process) ] 

Kerne (Call [SendMessage  i 
Attached  [ 

T.Raddr, 

N. Process] , 
OpProcess)) 

T. State  <-  Attached 
T.AttachedProcess  <- 
N. Process 

else  CannotAttach [NotOK] 
end 

el se  CannotAttach [ 

CannotUseTapel 

end 

else  CannotAttachCTapeDr iveNotAvai  table] 
end 

else  CannotAttachtCannotUseTapeDr ive] 
end 
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macro  CannotAt tach (Reason!  ■ 

Kerne  I Cal  I  (SendMessage ( 

NotAttachedl 

T.Raddr , 

N.F’rocesa, 

Reiison! . 

OpProcess)! 

exits  N"T. State  - 

If  for  some  (DiOeviceAddress) 

In  N.UeableTapeOr I  vest 
(D  »  T.Raddr) 

4 

T. State  -  Aval  table 
4 

CherkedSecLeve I 
4 

GrantedAccess 
then  Attached 
else  T. State 
end 

N"T. At tachedProcese  - 

i '  for  some  (D:0evi ceAddress) 

in  N.UsableTapeD.'lves: 

(0  ■  T.Raddr) 

4 

T. State  ■  Avai table 
4 

CheckedSecLeve I 
4 

GrantedAccess 

then  Process 

else  T. AttachedProcess 

Kerne  I Ca I  led  (SendMessage (OpProcess) ! 
if  for  some  (DtDeviceAddress)  in  N.UeableTapeOr Ives: 
(Q  a  T.Raddr) 

4 

T. State  >  Avai table 
then  KerneICa! I ed (CheckSecl eve  I ! 
if  CheckedSecLeve I 

then  KerneiCal ledCGrantAccesa(T.Raddr)] 
if  GrantedAccess 
then  KerneiCal I ed C 

SendMessage (Process) ! 

end 

end 

end 
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AUTH1 :  Add  Nkcp 


g I  vent  Process:  ProcessName 

Readers:  «et  of  DeviceAddrese 
Pr inters:  set  of  DeviceAddrese 
Punches:  sat  of  OeviceAddress 
TapeOrives:  set  of  DeviceAddrese 

entry:  true 

error  on  for  some  (NtNkcpEntry)  In  CurrentNkcps: 
N. Process  -  Process 

exit:  N'TurrentNkcps  -  Append {CurrentNkcps, 

<Process  •  Process, 

Usab I  eReaders  •  Readers, 

Usab I ePr inters  •  Printers, 
UsablePunches  »  Punches, 
UsableTapeOr ivee  *  TapeOrives>] 
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AUTH2:  Oelete  Nkcp 


given:  Process:  ProcessNama 
entry:  true 

error  on  for  ail  (N:NkcpEntry)  In  CurrentNkcps: 

N. Process  »»  Process 

let  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  -  Process)  in 

exit:  N"CurrentNkcps  •  Remove [CurrentNkcps, N] 

for  al l  (OR:OutputOeviceEntry)  In  Pr InterSpool Request 
N"DR.AttachedProcess  «.•  N. Process 
for  all  (0R:0utput0evice£ntry)  in  PunchSpoolRequests: 
N"DR. At tachedProcess  N. Process 
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KERNli  message  from  Kernel,  re  device  availability  (during  scan 
at  system  Initialization). 


giveni  Raddrt  OeviceAddress 
entryi  true 

actiont  If  for  some  (OtOevicsEntry)  Devices! 

D.Raddr  •  Raddr 

then  error  on  0. State  «*■  Drained 

0. State  <-  NotAvai lableForSpool Ing 
D.CyclePosi tion  <-  OffLIne 
els.?  if  for  some  (TiTapeOr iveEntry)  In  TapeOriveet 
T. Raddr  »  Raddr 

then  error  on  T. State  »■  Available 
T. State  <-  Offline 
alee  error 

end 

end 

exit!  if  for  some  (ChOev icsEntry)  in  Devices! 

(□.Raddr  *  Raddr) 

then  N"D. State  •  NotAvai lableForSpool ing 
N"O.CyclaPosi t ion  ■  OffLine 
else  if  for  some  (TiTapeOr IveEntry)  In  TapeDrlvesi 
(T. Raddr  «  Raddr) 
then  N"T. State  *  Offline 
end 


end 
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Authorization  Proceaa 
Semi -Forma I  Deter  I pt Ion 

Thlo  section  contains  a  semi-formal  description  of  the 
Authorization  Proceaa  of  KVfl/378. 


Data  Types 


primitive  types  and  structuring  mechanismat 

boolean  tunor dared,  two  elements*  true,  false] 

string  (unbounded,  predefined  string  of  length  zero*  nil] 

inter  subrange 

scalar  (ordered  element  list] 

set  (of  any  type,  predefined  empty  set*  nil] 

record  (field  list] 


undefined  types* 

OeviceAddress 
LineAddress 
ProeessName 
Virtual  Hach  i  neName 
Vo  luma  Id 


undefined  functions  /  macros* 

Dominates 
DcviceType 
#Cyl inders 
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CommandName t  sea  1 ar ( 
AUTOLOG, 
ATTACH-RADOR, 
OETACH-fiAOOR, 

VARY, 

QUERY-OASO, 

QUERY-LINES, 

QIJERY-GRAF, 

QUERY-NAMES, 

QUERY-USERS-X, 

QUERY-ALL, 

QUERY-SYSTEM-RAOOR, 

QUERY-RAOOR, 

QUERY  -IJSERS-USER  1 0 , 
QUERY-USERID, 
LOCATE-RAOOR, 
SHUTOOUN) 


Roques tCatcgory:  scalar! 
At  tach, 

C I oarL i ne, 
ReDirectLine, 

Ur*  i  t  cAndReadL  i  na , 
OpRcquest, 

NcuVM, 

ConnectVIl, 

NeuUser , 

NeuOr  Connec  t  edVM , 
Re  I inqui shOevica) 


ResponseStatusi  scalar! 
NoResponse, 
Responded) 


AcceosModes:  scalar! 
Read, 

Ur  i  te) 
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LineStatus:  sea  I ar( 

Ratry, 

Oi sab  led, 

Avai  I  able, 

Readlni t iaIPassword. 
ReadAccessPassuord, 

Per  formResourceChecks, 
Hook i ngPer i phera I s, 

Not  i  fy  i  ngN’kcp, 
Attached, 
ReadLinkPassword, 
Recnab i ePend i ny ) 


Sharabl aOr i veStatus:  scalar ( 
Of  fL ine, 

Avai I  able. 

At  tachedToSystem) 


DriveStatus:  scalar( 

Of  fL i ne, 
OetachPending, 
At  tachedTollser , 
Avai table) 


VolumeStatus:  scalar( 
Mounted. 
NotMounted) 


LinkAccess:  scalar (R. PR, U, UR.M.MR.MUI 

LineCondi tiun:  subset  of  LineStatuas? 
Oi 3abled, 

Avai I  able) 


Act i vi tyStatus:  scalar! 
Free. 

Attached, 

A 1 1  achVa i i da  t i on) 


AccessCategory:  scalar ( 
Logon, 

Dial) 
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C 


ReasonTypcs:  scalar! 

I ncorrectLogon, 

ReoourceFai lure, 

Socur i tyViol at  ion, 
MaxThresho I dExceeded, 
NoNkcp, 

NoVn. 

Ter m i na I C I  ear anced i sma  tch) 


Logof fReasone:  scalar! 
UserChoice, 
Forced, 
Disconnected) 


DirectoryEntry:  , 

record 

Userid:  VirtualdachineName 
LocionPassuord:  string 
DialPassuord:  string 
L i nkPaosuord:  string 
daxSecLevel:  ProcessName 
MinSccLevel:  ProcessNrme 

DcdicatedOevices:  set  of  DedicatedOeviceEntry 
Links:  set  of  HOLinkEntry 
IplOefined:  oolean 

AccessPassuor ds:  set  of  AccessPaeeuordEntry 

end 

L i neEntryj 

record 

Laddr;  LineAddress 

flaxSecLeve  I :  ProcessName 

fl  i  nSecLsve  I :  ProcessName 

State:  Act i vi tyS' 'tus 

CyclePosi tion:  LineStatus 

Roqu 'stedSecLevel :  ProcessName 

A 1 1 achcdVfl:  Virtual  flach  i  neName 

Connection:  AccessCategory 

LineDropped:  boolean 

//Retries:  0. .  //flaxRetr  i  es 

//Awa  :  t  ingHooks:  nonnegative  integer 

flag:  string 

end 
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NkcpEntry: 

record 

Process:  ProcessName 
Vfls:  set  of  VMEntry 

AttachedOevices:  set  of  AttachedOeviceEntru 
end  Link9s  8et  of  MOLInkEntry  V 


AccessPassuordEntry: 

record 

SecLevel:  ProcessName 
Password:  string 
end 


VMEntry: 

record 

VMName;  Virtual Mach ineName 
Laddr:  LineAddress 
Oi sconnected:  boolean 
Users:  set  of  LineAddress 

end 


OedicatedDeviceEntry: 

record 

Raddr:  OeviceAddress 
VolSecLevel:  ProcessName 
Access:  set  of  Accessflodes 

end 


A  t  tachedOev i ceEntry: 
record 

Raddr:  OeviceAddress 
Access:  set  of  Accessflodes 

end 


MOL inkEntry: 

record 

fIDName:  MiniOiskName 
Access:  set  of  Accessflodes 

end 


ProcessL i nkEntry: 
record 

Process:  ProcessName 
Access:  set  of  Accessflodes 
end 
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URPOwnedQev i ceEn  try: 
record 

Racldr:  OeviceAddress 
MaxSecLevel:  ProcessName 
MinScclevel :  ProcessName 
end 


Nonshar ab I eDr i veEntry: 
record 

Raddrs  OeviceAddress 
MaxSocLevel:  ProcessName 
MinSeclevel:  ProcessName 
State:  OriveStatus 
At tachedProcess:  ProcessName 
Access:  set  of  Accessflodes 
end 


Shar ab I eDr i veEntry: 
r  ecord 

Raddrs  OeviceAddress 
State:  SharableOr i veStatus 
SecLevel:  ProcessName 
MountedVolume:  Volume id 

end 


SnaredVo I umeEntry: 
record 

Volume:  Volumeid 
SecLevel:  ProcessName 
MountedOevice:  OeviceAddress 
State:  VolumeStatus 

end 


HiniDi skEntry: 

record 

MDName:  fliniOi  skName 
ContainingVolume:  Volumeid 
Cylinders:  (1 . .tfMaxCy I inders, 

1. .tfhaxCyl  inders) 
SecLevel:  ProcessName 
CurrentL i nks:  set  of  ProcessL inkEntry 
AccessControlList;  set  of  ACLEntry 

end 
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ACLEntry: 

record 

User:  Vir tualflachineName 
Access:  set  of  Accessflodes 

end 


Responses  lot: 

record 

Respondent:  ProcessName 

Text:  string 

State:  ResponseStatus 

end 


Pend i ngReques  t : 

record 

Msgld:  (lessageld 
Kind:  RequestCategory 
Command:  CommandName 
Responses:  set  of  ResponseSlot 
end 
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t 

ti 


Data  Structures 


constant 
cons  tant 
constant 
constant 
constant 
constant 
constant 


AddressSpaceSize:  0..81S2 
CodeSIze:  0..8192 
flflaxCy I  inderss  positive  integer 
Code:  integer 

MlaxRetr les:  nonnegative  Integer 
WlaxNkcps:  nonnegative  integer 
WlaxVMs:  nonnogative  integer 


tfNkcps:  0. .  tfflaxNkcps 
WVHs:  0. .  //MaxVMs 
Wsers:  nonnegative  integer 
Shut t i ngOoun:  boolean 

URPOunedOev i ces:  set  of  URPOunedOeviceEntry 
NonsharableDr  i  ves:  set  of  NonsharableOr  i  veEntry 
Sharab  I  cDr  i  ves:  set  of  Sharab  I  eOrl  veEntry 
SharedVolumes:  set  of  SharedVolumeEntry 
IliniDisks:  set  of  IliniDi  skEntry 
CurrcntNkcps:  set  of  NkcpEntry 
Linos:  set  of  LineEntry 
UserOirectory:  38t  of  DirectoryEntry 
Pend i ngRequest3:  set  of  PendingRequest 
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Initial  Condi t lone 


//Nkcps  -  0 

« 

//VMs  -  0 
& 

//Users  *  0 
& 

(~Shut  1 1 ngOoun) 

& 

for  oil  (NSiNonsharableOr iveEntry)  In  NcnsharableDr Ives: 
(NS. State  •  Available 
& 

NS. At tachedProcess  •  AuthProcess) 

« 

for  all  (S: Sharab I eOr iveEntry)  in  SharableDr Ives: 

(S. State  -  Avai  table) 

& 

for  al  I  (VjSharedVolumeEntry)  In  SharedVoiumes: 

(V. State  ■  NotMounted) 

& 

for  all  (HsfliniOi  skEntry)  in  IliniOi  sksi 
(Emptg  (M.CurrentLinksl ) 

& 

Emp  ty (CurrentNkcpsl 
& 

for  all  (LsLineEntry)  in  Lines: 

(L. State  -  Free 
& 

L. Cyc I ePos i t i on  -  Available 
& 

L.AttachedVM  •  AuthProcess) 

& 

Empty (PendingRequests) 


i 


i 


s 
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WNkcps  <■  #da*Nkcps 

//VMs  <-  MlaxVfls 
& 

WUscrs  <•  tfdaxllsers 
& 

I  nvar i an  t  sO  f URPOunedOev i ces 
& 

I  nvar i antsOfNonsharableOr i vet 
& 

I  nvar i an  t  sO  f Sharab I eOr i ves 

I  nvar i antsOfSharedVo lumes 
& 

.  var i antsOfdiniOi sks 
& 

I nvar i an  t  sO f Cur r en tNkcps 
& 

Invar iantsOfLines 


& 

I nvar i an  t  sO  f Pend i ngReques t  s 
& 

I  nvar i hn t  sO  f UserO i rectory 


System  Development  Corporation 
Td-6062/1 11/08 
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Invar i ant sOfURPOuncdOev ices  • 

for  all  (Ul ,U2tURP0uned0eviceEntru)  in  URPOunedOe vices: 
(Ul.Raddr  »  U2.Raddr  ■>  Ul  ■  U5) 

4 

for  all  (UsURPOunedOeviceEntry)  in  URPOunedOevices» 

(Dom  I  na  t  es  tU .  flaxSecLe ve  I ,  U .  fl  i  nSecLe ve  I  ] 

4 

OeviceType tRaddr]  inset  {Reader, Printer, Punch, TapeOrive) ) 
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Invar lantsOfNonsharableOr Ives  ■ 

for  all  (NSl ,NS2«Nonsharable0r iveEntry)  In  NonsharablaDr iveat 
(NSl.Raddr  •  NS2.Raddr  ■>  NS1  »  NS2) 

4 

for  all  (NS» Nonsharab I eDr IveEntry)  In  NoneharableOr  I  vest 
(Dom I na toe  tNS.ttaxSecleval.NS.ttinSecLeveU 
4 

NS. State  •  Attached  ■> 

for  some  (N: NkcpEntry)  In  CurrentNkcpet 
(N. Process  «  NS. At tachedProcess 
4 

Dominates  INS.flaxSecLeval  ,N. Process] 

4 

Dominates  (N.Procees.NS.tlinSecLevel] 

4 

for  some  (Ai A t tachedOev I ceEntry)  In  N.AttachedOev'cesi 
(A.Raddr  •  NS.Raddr))) 
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Invar lantaOfSharableOr ives  - 

for  all  (SI ,  S2i Sharab I eDr I veEntry)  In  Shared  I eDr I  vest 
(Sl.Raddr  ■  S2.Raddr  ■>  SI  *  §2) 

& 

for  all  (St Sharab I eOr I veEntry)  In  Sharab I eDr I  vest 
(S. State  -  At tachedToSystem  -> 

for  some  (VtSharedVolumeEntry)  in  SheretfVolumest 
(V. Volume  •  S.flr jntedVolume 
& 

V. State  -  Mourted 

t 

V.MountedOevIcs  ■  S.Raddr 

& 

Dom  i  na  .es  IS.  SecLeve  I ,  V.  SecLeve  ID) 


132 


9  December  1377 
Author  1 2at ion  Process 


System  Development  Corporation 
711-6082/111/00 


Invar lenttOfShareoVolumes  • 

f°r /vi  SharedVolumeEntry)  In  SharedVo lumas t 

(VI. Volume  <•  V2. Volume  ->  VI  .  V2) 

<5 

f0Pi!^i,^Sh^*dVo,,*,,£ntrW>  in  SharedVolumeai 
(V. state  •  Mounted  •> 

fOrie°2*JS,ShSr2b,#0rli:,EntPW)  SharablaOr  West 
t5*n*ciar  •  V.nountddOevIc* 

S.  Mounted Vo  I ume  •  V. Volume 
4 

S. State  •  At tachedToSyetem 
& 

Oom I n a  tes  tS. Seel eve  I , V, SecLeve 13)) 
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l  nvar  i  an  t  eO  til  I  n  i  0  i  sk  *  - 

for  oil  (MjflinlOl sKEntry)  In  MlnlDlektt 

4  Do* '"«*•«  tv.  SecLeve  I ,  II.  SecLeve  I  ] ) 

H.Cyl  Indent, 2  >  11. Cy I  Indera.  1 

J.C«llnd«-..l  <  *Cgn„d.r.In.Cont.inlnsVolu.0J 
«.Culinc.rs.2  «C«nnd.r»(rt.ContalnlnsVolu».) 

'0r(]!E.p?&Sir?E'',r'"  ln  ''■Curr'' 

d 

^  L. Access  *  C. Access! 

tv.vnName  »  A. User)) 


& 


& 

Urit«  tnset  C. Access  -> 

f. Frocoae  •  H. SecLeve I ) ) 


(  UEmpty(tt, Cur rcntL inks! )  •> 

V. State  -  Mounted 

'°rM'?h ZX1&S32*  in  . 

<5 

S.nountedVolume  -  V. Volume 
4  S. State  •  AttachedToSyetem))) 
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for  all  (A1 ,A2» ACLEntry)  In  M.AccessControltl it« 
(Al.User  -  A2.User  ->  A1  -  A2) 

& 

for  all  (AtACLEntry)  In  fl.  AccessControlLi  «tt 

(for  some  (DiDirectoryEntry)  In  UserO I  rectory « 
(0. Userid  •  A. User) 

& 

-Empty (A. Access) ) ) 
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1 nvar i antsOfCurrentNkcps  - 

for  all  ( N 1 , N2: NkcpEntry)  in  CurrentNkcpss 
(Nl. Process  -  N2. Process  ->  N1  ■  N2) 

4 

for  all  (N: NkcpEntru)  in  CurrentNkcps: 

(for  all  (VM1 , VI12* VMEntry)  in  N.Vrie: 

(Vfll.VMName  -  Vf12.Vf1Name  ->  Vfll  -  Vf12) 

4 

» A02: A t tachedOeviceEntry)  in  N. AttachedDevices: 
(AOl.Raddr  -  A02.Raddr  ->  ADI  -  AD2) 

4 

for  all  (ll,L2:MDLinkEntry)  in  N. Links! 

(U.flOName  -  L2.MDNane  ->  Li  -  L2) 

& 

for  all  (VM: VHEntry)  in  N* VMs: 

(for  some  (D:OirectoryEntry)  in  UserDi rectorus 
(D.  User  Id  ■  V.VHName 

4 

Oomi nates  (D.flaxSecLeve  i ,N. Process) 

5 

Oom i nates  [N. Process, 0. M i nSecLeve I ] ) 

4 

(VM.Di sconnected  ■> 

for  all  (L:L ineEntry)  in  Lines: 

( (L.AttachedVfl  .  Vfl.VUName 
4 

L.RequestedSecLevel  ■  N.P  ocess 
4 

L. State  ■  Attached)  -> 

L. Connect  ion  Logon)) 

( (~VM.Di  sconnected)  -> 

for  some  (LsLineCntry)  in  Lines: 

(L.Laddr  ■  VM.Laddr 
4 

L.AttachedVfl  -  Vfl.VnName 
4 

L.RequestedSecLevel  -  N. Process 
4 

L. Connect  ion  ■  Logon 
4 

L. State  inset  (AttachVal idat ion, Attached! ) > 

to 

for  all  (U: L i neAddress)  in  Vfl. Users: 

(for  some  (L: L i neEntry)  in  Linss: 

(L.Ladd>-  -  U 
4 

L. At tachedVfl  -  vn.VMNamo 
4 

L.RequestedSecLevel  «  N. Process 
4 

L. Connect  ion  *  Dial 
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& 

L. State  inset  (AttachVal Idation, Attached ) 

« 

U  Vd.laddr) ) 

& 

for  all  (AD: AttanhedOeviceEntry)  in  N.AttachedOevices: 

(for  some  (NSsNonsharableOr i veEntry)  in  Nonsharabl eOr i vest 
(NS.Raddr  -  AD.Raddr 
& 

Dominates  (NS.daxSecLevel  ,N. Process! 

& 

Dominates  (N. Process, NS. flinSecLeval! ) 

& 

'Empty [AD. Access] ) 

& 

for  all  (L:dOL inkEntry)  inN.Linkss 

(for  some  (d: d i niD i skEntr y)  in  MiniOisks: 

(d.dOName  -  L.dDName 
& 

Com i na tes  (N. Process, M. SecLbve I ! 

& 

for  some  (CsProcessL  i  stEntry)  in  fl.CurrentL  i  nks: 

(C. Process  -  N. Process 
& 

C. Access  -  L. Access) 

& 

for  some  (A:ACLEntry)  in  H. AccessControlLi st* 

(for  some  (Vfl: VflEntryi  in  N.VTIs: 

(Vd.VdName  -  A. User)) 

& 

Write  inset  L. Access  -> 

d.SecLevel  •  N. Process) 

& 

-  Empty  [L.  Access! ) ) 

& 

for  all  (N1 ,N2:NkcpEntry)  in  CurrentNkcps: 

(for  a1  I  (AOlsAttachedOeviceGntry)  in  Nl.AttachedDevices: 

(for  all  (AD2: AttachedOeviceEntry)  in  NZ.AttachedDevices: 
(AOl.Raddr  A02.Raddr))) 
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Invar iantsOfLines  « 


for  all  (Ll,L2:LincEntry)  in  Line-. 

(Ll.Laddr  »  L2.Laddr  ■>  LI  »  L2) 

& 

for  all  (’  ’.LineEntry)  in  Lines; 

(Com  i  nates  (L.daxSecLevel , L.dlnSecLeve 1 1 
& 

L. State  •»  At tachVa I  idat  i on  -> 

L.CyclePosi tion  inset  (Retry, Readini tialPassuord, 

ReadAccessPa  sword, Hook ingPer ipheral  s, 
Not i fyingNkcp) 

& 

L. State  »  Attached  ■> 

L. Cyc I ePos i  t  i on  inset  (At 'cached, ReadL inkPasswordl 

& 

L. State  »  Free  -> 

L.CyclePosi tion  inset  (Oi sabled.Avai lable.ReEnablePendingi 

& 

L. State  inset  lAt tachVal i dat ion, At tached)  ■> 

(Dominates [L.daxSecLevel .L.RequestedSecLevel] 

& 

Dominates  (L.RequestedSecLevel  ,L.di nSecLeve 1 1 ) 

& 


& 


L. State  -  Attached  »> 

(for  some  (N: NkcpEntry)  in  CurrentNkcps; 

(N. Process  -  L.RequestedSecLevel 
S 

for  some  (Vd: VMEntry)  in  N.Vdss 
(Vd.VdName  ■  L.AttachedVd 

5 

(L. Connect  ion  ■  Logon  •> 

(Vd.Laddr  -  L.Laddr 

S 

~Vd. D i sconnected) ) 

6 

(L. Connect  ion  -Dial  »> 

for  3ome  (U;LineAddress)  in  Vd. Users; 
(U  -  L.Laddr j ) ) ) ) ) 
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for1  all  (LI  ,L2:L  ineEntry)  in  Lines: 
((Ll.Raddr  *»«  LZ.Raddr 
& 

LI. State  ■  Attached 
G 

L2. State  *  Attached 
G 


LJ  At tachedVtl  -  L2. AttachedVfl 
& 

ul.RequestedSecLevel  *'  L2.RequestedSecLevel 

LI . Connect i on  ■  Logon)  »> 

L2. Connect  ion  -  Oia>) 
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i  nvar  i  an  1 90  f  Pend  i  nciReque 

f°r /p!  ,M(P|LP2soof1Min'Rsqu*9t)  in  PendingRequeets: 
(Pl.Dsgld  -  P2.Msgld  ->  PI  -  P2) 

Ct 

far  ail  (P;pendingRequest )  inPendincjRequeats: 

{f0r/oi  o  Ri,R2:Re9ponseSlot)  in  P* Responses: 

&  <R1 -Respondent  •  R2. Respondent  •>  R1  «  R2) 

for  s°;e  <R: Responses  lot)  in  ?. Responses: 

(h, State  NoResponse) 

--Empty  [P. Responses] ) 


U0 
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Invar iantsOfUserDirectory  ■ 

for  all  (01 ,D2:0irectory£ntry)  in  UserOirectoryt 
(01. Userid  »  02. Userid  ->  01  •  92) 

4 

for  all  (OsDirectoryEntry)  in  UserOirectoryt 
(Dominates  (D.ttaxSecLevel  .O.HinSecLevell 
4 

for  all  (D01,DD2:Dcdicated0eviceEntru)  in  O.OedicatedOevices: 

(OOl.Raddr  -  002.Raddr  »>  001  ■  DD2) 

4 

for  al  I  (OOsDedicatedOeviceEntry)  in  O.OedicatedOevices: 

(DeviceType (OO.Raddrl  inset  IReader, Pr inter, Punch, TapeOr i ve) 
(for  some  (UtURPOunedOeviceEntry)  in  URPOunedOev i ces 
(OO.Raddr  ■  U.Raddr 
4 

OeviceType (OO.Raddrl  -  Reader  •> 

(00. VolSecLevel  ■  nil 
4 

00. Access  -  (Read!) 

4 

DeviceType  (OO.Raddrl  inset  IPr inter .Punch! •> 
(DO. VolSecLevel  -nil 
4 

DO. Access  -  (Ur i tel) 

4 

DeviceType (OO.Raddrl  -  TapeOr ive  -> 

(Dom  i  nates  (U.  flaxSecLeve  I ,  DO.  Vo  I  SecLeve  1 1 
4 

Oom i nates  (00. Vo  I SecLeve I , U . M i nSecLsve I ] 

4 

Oom  i  nates  (0.  flaxSecLeve  1 , 00.  Vo  I  SecLeve  1 1 
4 

-Empty (00. Access! ) ) ) 

4 

fieviceType (OO.Raddrl  -inset  IReader, Pr i nter, Punch, TapeOr i vel 
(for  some  (NStNonsharableOr i veEntry) 
ir  Nonsharabl eOr i vest 
(NS.Raddr  -  OO.Raddr 
4 

Dom  i  na  tes  (NS.  flaxSecLeve  I ,  DO.  Vo  I  SecLeve  1 1 
4 

Dominates (00. VolSecLevel , NS.flinSecLevel! 

4 

Dom  i  na  tes  (0.  flaxSecLeve  1 , 00.  Vo  I  SecLeve  1 1 
4 

-Empty (00. Access! ) )  1 
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for  all  (Ll,L2:f10LinkEntry)  in  O.Linkst 
(Ll.MOName  -  L2.nOName  ->  LI  -  L2) 

ft 

for  all  (L:f1DL  inkEntry)  in  D. Links. 

(for  some  (tlsfliniOi  skEntry)  in  MiniDlsks: 

(H.tlOName  -  L.fIGName 

4 

for  some  (AsACLEntry)  In  M.AccessControlListi 
(A. User  ■  0. Userid 
& 

for  all  (AM:  Accessflodes)  in  L. Access: 

(AM  inset  A. Access) ) 

5 

Dominates  CD.MaxSecLeve  I  .fl.SecLevel  1 ) 

& 

~Empty  (L.  Access] ) 

& 

for  all  (API , AP2: AccessPassuordEntry)  in  D.AccessPaseuorde: 
(APl.SecLevel  -  AP2.Sed.sve  I  ■>  API  -  AP2) 

* 

for  all  (AP: AccessPassuordEntry)  in  D.AccesaPassuords: 

(Oom i nates  (□. MaxSecLeve I , AP. SecLeve I ] 

& 

Dominates  (AP.SecLevel , D.flinSecLevel] ) ) 
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Global  Macros  /  Functions 


macro 


EndAcc.a.Sew.nc.IU-».Unrfntra.S..,omn.a.<,nT„B..)  . 

cage  Reason:  RcasonTypes  of 

IncorroctLegom  n  <-  "Forget  it,  Sub" 


ResourceFai  lure:  fl  <- 

o?qnJtt!?1S®*Urltu  ,eV8<  ^available 
or  not  able  to  run  another  Vfl" 


Securi tyVlotatlom 


MaxTbreshol dExceeded: 
NoNkcp: 


NoVtls 


end  ^ermina,Glearance/1ismatcht 

Kerne (Cal  I  (Sendfleasagef 

Wri teLine CL.laddr.M], 

^  NetuorkProcess)) 

Kerne (Cal  I  [SendMessage f 

ClearLine  IL ine.Laddr] , 

Lin..S«arrrF^^,,', 
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macro  AdclNkcpToSct  (ProcesssProcessNamel  - 
//Nkcps  <-  //Nkcps  +  1 
CurrentNkcps  <-  Append CCur ran tNkcpa, 

<Procaas  -  Process, 

Vfls  -nil, 

AttachedDevicea  -nil. 

Links  -  n i I >3 

KernelCal I  CSendflessageCAddNkcp [Process, Dev  ices!  .URProcess)] 
Kerne  I  Cal  I  CSendflesaage  (AddNkcp  CProcessJ  .OpProcees)) 


macro  Retry CL:LineEntry]  ■ 

L. //Retries  <-  L. //Retries  +  1 
if  L. //Retries  -  //flaxRetr  ies 

then  EndAccessSequence  CL , flaxThr  esho I dExceededl 
else  KernelCal  I  CSendflessageC 
Retry  CL. Laddr] , 

NetuorkProcess) J 
L.CyclePosi tion  <-  Retry 
end 


macro  TryNot i fyingNkcpCL:LineEntry]  - 

if  L. //Aua i t i ngHooks  -  0 

then  L. Cycle  Position  <-  Not i fy IngNkcp 
if  ■vL.LineOropped 

then  KernelCal  I  CSendflessageC 
ReOirectLinet 

L.Laddr, 

L.AttachedProcesel , 
NetuorkProcess)] 

end 

KernelCal  I  CSendflessage (NeuVfl CL]  ,L. AttachedProcess)  ] 

end 
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(  flsgOp:  process 

v 

Av  subdriver  of  AuthProcess, 

handling  messages  from  OpProcess  it/ 

given*  flsgld:  Messageld 
Text:  string 

entry:  just  received  message,  Source  •  OpProcess 

action:  If  for  some  (P:PendingRequest)  in  PendingRequests: 
(P.ttsgld  ■  ttsgld) 
then  Av  response  to  request  it/ 

error  Av  no  requests  to  OpProcess  it/ 
else  Av  request  from  OpProcess  it/ 
case  MsgName [Text]  of 
AUTOLOG : 

0P1 

ATTACH-RAOOR: 

OetermineRaddr [Text] 
error  on  for  a  I  I 

(NS: Nonsharab I eDr i veEn try) 
In  Nonsharab I eDrives: 
NS.Raddr  * -  Raddr 
CP3 

OETACH«-RAOOR: 

OetermineRaddr [Text] 
if  for  some  (NS: Nonsharab I eDr iveEntry) 
in  Nonsharab I eDrives: 
NS.Raddr  ■  Raddr 
then  0P4a 
else  if  for  some 

(5: Shar ab I eDr i veEn  t r y ) 
in  Sharab I eDrives: 

S. Raddr  ■  Raddr 
then  0P4b 
else  error 

end 

end 
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VARY  i 

OeternlnaRaddr iTextl 

if  for  ioms  (SiSharableOr I veEntry) 

In  SharablsDr I  vast 
S.Raddr  -  Raddr 
than  CPSa 
a  Isa  if  for  soma 

(NSiNonsharab I eOr I veEntry) 
in  NonsharableOr I vea: 
NS. Raddr  -  Raddr 
than  OPSb 
a  Isa  arror 

and 

end 

QUERY-OASO, 

QUERY-LINES, 

QUERY-GRAF, 

QUERY-NAMES, 

QUERY-USERS-X, 

QUERY-ALL i 
OPSa 

QUERY-SYSTEM-RADOR, 

QUERY-RAOOR: 

OPSb 


QUERY-USERS-USERID, 
QUERY-USER IDs 
OPSc 

LOCATE-RAOORi 

0P7 

SHUTDOUNj 

0P8 


MapUser Idi 
0P2 


end  MsgOp 


end 


and 


other: 

arror 
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flsgUR:  proreee 

/>v  eubdriver  of  AuthProcese, 

hand  I  ing  messages  from  URProcess  */ 

givem  flsgld:  Messegeld 
Text:  string 

entry:  just  received  message,  Source  -  URProcess.*/ 

action:  if  for  some  (P:PendingRequest)  in  PendlngRequests: 
P.flsgld  •  flsgld 
then  /*  response  to  request  »/ 
error  on  P.Klnd  %-  Attach 
case  HsgNametTextl  of 
Attached: 

UR3a 

AttachFai lad, 

OeviceNotAvai I  able: 

UR3b 

other: 

error 

end 

else  /*  request  *rom  URProcess  */ 
case  flsgName  ITextl  of 
NeedNKcp: 

UR1 

MapUserldJ 

UR2 


end  MagUR 


end 


end 


other: 

error 
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HocjNot:  pr oceat 

/>>  subdr  I  ver  of  AuthProeeaa, 

handling  mesaagee  from  NetworkProceae  */ 

glvem  ftsijfd:  (loasageld 
Text:  string 

entry:  ju« t  received  message,  Source  -  NetuorkProcesa 

action,  „  ,or  Rj-  In  P.n„nsR.qu..tl, 

then  /*  responae  to  request  »/ 

case  P. Ki nd: Requea tCatagoru  of 
ClearUne, 

ReOlrectLlna: 

JS5  on  n*QNamatTa*t)  UneStetue 

WrlteAndReadLine: 

case  MagNametTextl  of 
Llnelnfo: 

OetermineLaddr ITextl 

let  (LsUneEntry)  in  Lines: 

IL.Laddr  •  Laddr)  in 
case  L.StataiAct Ivl tyStatue  of 
Attachedt 
error  on 

l.CycitPosi tion  — 
....  ..RSadL '  nkPassuord 


AttachVal Idation: 

caae  L.CyclePosi tion: 
LineStatus  of 

Retry: 

LGDL2 

Read! n i t i a  I  Password: 

if  TEflP*L.CyclePosi  tion 
Per  f ormflesourceChecks 
then  LG0L5 

if  TEHP "L.CyclePoai  tion  » 

Hook  t  ngPer i phera I  a 
than  LG0L5 
LG0L7 
end 

TryNot I fy ingNkcp CL! 
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MogNkcp:  process 


/*  subdr ivtr  of  AuthProcess, 

hand  I  ing  messages  from  Nkcps  ft/ 

given:  Msgld:  iiessageld 
Text:  string 
Process:  ProcessName 

entry:  just  received  message,  Source  *  Process  */ 

action:  if  for  some  (P:PendingRequest)  in  PendingRequests: 

P. Msgld  •  flsgld 
then  /ft  response  to  request  ft/ 

case  P.Kind:Requestr~t»gory  of 
OpRequest: 

error  on  MsgName  [Text! 

ResponseToOpRe-juest 

ProcessResponse 

NeuVti, 

ConnectVM, 

NeuUser, 

NeuOr Connec  t  edVM : 

DetermineLaddr [Text! 

error  on  for  all  (L: L ineEntry)  in  Lines 
L.Laddr  Laddr 

LGDL8 

if  TEMP"l.CyciePosi  tion  - 
Per  f ormReoourceChecks 
then  LG0L5 

if  TEMP"L.CyclePosi ticn  - 
Hook i ngPer i phera I s 
then  LGDLS 
LGDL7 

•  end 

TryNot ; fy ingNkcp tLJ 
end 

Re  I inqui 3h0e  vice: 

error  on  MegName  CTextJ  OetachDevice 
NKCPS 

other: 

error- 
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% 


► 


4 

4 


end  MsgNkcp 


else  /v<  request  frcm  Nkcp  */ 
case  tlsgNcme  [Text!  of 
D! sconnect: 

NKCP1 

Logoff: 

NKCP2 

DropUser: 

NKCP3 

Link: 

NKCP4 

DetachOevice: 

NKCP5 

PurgeNkcp: 

NKCP7 

Account i ngRecord: 
NKCP8 


end 


end 


other: 

error 


I 
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AuthOriver:  process 


case  HouUeGotHere  o* 

External  Interrupt: 

case  InterruptSubType  of 
Message: 

case  Source  of 
OpProcess: 
URProceso: 
NetworkProcess: 
Nkcp: 
other: 


end 


MsgOp 

MsgUR 

MsgNet 

MsgNkcp 

/a  anybody  else  talk 
with  AuthProcess?  a/ 


end 


other:  /a  any  other  external  interrupts?  a/ 


end 


other:  /a  any  other  important  interrupt  classes?  a/ 


KcrnelCal I  [Receivelnterruptsl 
Kerne  I  Cal  I  CReleaseCPUl 
end  AuthOriver 
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NTUK1:  Network  process  message  re  line  status  (both  request 
response) 


givens  LacJdr:  LineAddrese 

CurrentLineStatuss  LineCcndi t ion 

error  on  ~(for  some  (LsLineEntry)  in  Liness 
L.Laddr  -  Laddr) 

actions  case  L.StatesActivi tyStatus  of 
Frees 

L.CyclePosi t ion  <-  CurrentLineStatus 
L.AttachedVN  <-  AuthProcess 

A 1 1 ached s 

let  (NsNkcpcntry)  in  CurrentNkcpss 
(for  some  (VsVtlEntry)  *n  N.Vttss 
(V.VfIName  -  L.AttaehedVIl 
8 

( (L. Connec c i on  ■  Logon 
8 

V. Laddr  -  L.Laddr) 
or 

(L. Connect  ion  »  Dial 
8 

for  some  (Us LineAddrese)  in  V 
U  ■  L.Laddr) ) ) )  in 
let  (VsVHEntry)  in  N.VHas 

(V.VjJName  •  L. AttachedVn)  in 
if  L . Connec t i on  ■  Logon 
8 

V. Laddr  ■  L.Laddr 
then  V. Disconnected  <-  true 
Kerne ICa I  I  (SenOflessaget 

LineDi sconnected  t 
L.Laddr, 

V, VPIName) , 

N. Process) ) 

KernelCal  I  (Sendflessage  ( 

LineDi sconnected [ 
L.Laddr, 
V.VMName), 
OpProcess) ) 
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else  let  (U:L ineAddress)  In  V. Users: 

(U  -  L.Laddr)  in 
Kerne  I  Cal  I  tSendflesaaget 
Dropped  [V,U] , 

N. Process)] 

Kerne  I  Cal  I  (Sendflessaget 
Dropped  LV,U] , 

OpProcess)] 

V. Users  <-  Remove CV. Users, U] 
end 

L. State  <-  Free 

L.CyclePosi t ion  <-  CurrentLlneStatus 
L. AttachedVM  <-  AuthProcese 

AttachVal idation: 

case  L.CyclePosi tioniLineStatus  of 
HookingPer ipherals. 

Notify  I ngNkcp: 

L.LineOropped  <-  true 

other: 

L. State  <-  Free 

L.CyclePosi t ion  <-  CurrentLineStatus 
L.AttachedVfl  <-  AuthProcess 

end 

end 
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exit:  N"L. State  ■ 

i f  L. State  -  Attached 

I 

(L. State  ■  AttachVal idat ion 

& 

L.CyclePosi t ion  -inset  ( 

Hook i ngPer i pher a  I s , 
Not i fy i ngNkcpJ ) 

then  Free 
el se  L. State 

end 

NT.CyclePosi tion  - 

if  L. State  -  Attached 
I 

(L. State  -  AttachVal idat ion 

& 

L.CyclePosi tlon  -inset  f 

Hook i ngPer i pher a  I s , 
Not i fyingNkcpI ) 
then  CurrcntLineStatue 
else  L . Cyc i ePoe i t i on 

end 

NT.  A  t  tachedVfl  • 

if  L. State  -  Attached 
I 

(L. State  -  A! tachVal idation 
& 

L.CycleFisi tion  -inset  ( 

l  look  i  ngPer  i  pher  a  I  s , 
f'ot  i  fyingNkcpI ) 
then  AuthProcess 
else  L.  At  tachedVfl 

end 

N"L.L ineDropped  « 

if  L. State  »  AttachVal idation 

& 

L.CyclePosi tion  inset  I 
Hook i ngPer i pher a  Is, 

Not i fyingNkcpI 
then  true 

else  L.LineOropped 

end 
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if  L. State  ■  Attached 
& 

L. Connect  ion  •  Logon 
& 

l.Laddr  -  V.Laddr 
then  N"V,D1 sconnected  -  true 
else  N"V.0i sconnected  ■  V.Di sconnected 
end 

if  L. State  -  Attached 
& 

~(L. Connect  ion  ■  Logon 
& 

V.Laddr  ■  Laddr) 

& 

for  some  (U:l ineAddresa)  in  V. Users: 

(U  ■  L.Laddr) 

then  N"V, Users  ■  Remove (V. Users, U] 
else  N"V. Users  •  V. Users 
end 

i f  L. State  -  Attached 

then  Kerne  I  Cal  ledCSendflessage(OpProcess)] 
else  Kerne  I  Cal  I edCSendflesaagetN.  Process)] 
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LCOLlj  Network  Process  message.  LOGON  or  DIAL 


request  received 


given:  Laddr:  LineAddress 

At  temptedCommand:  AccessCatesoru 
Userid:  Vir tualdachineName 
Reques  tedSecLeve I :  ProcessName 

error  an  ~<for  some  (L:L  ineEntry)  in  Lines: 

(L . Laddr  »  Laddr 
& 

L. State  •  Free 
<S 

L.CyclePosi t ion  -  Available)) 

action:  if  Dominates  CL. MaxSecLeve I. Reques tedSecLeve I J 

t,?e<i,u#8 tedSecLeve  I .  L.  fli  nSecLeve  I ) 
then  L.wRetr ies  <-  0 

L .  tfA ua  i  t  i  ngHook  s  <-  0 
L. State  <-  AttachVal idation 
L. Connect  Ion  <-  At temptedCommand 

i  am  *^ion  ,1“  R®*dlni  t  ia IPassword 
L.AttachedVN  <-  Userid 

L. Reques tedSecLeve f  <-  Reques tedSecLeve I 

L.L meOropped  <-  false 

L.Hsg  <—  nil 

kernel  Cal  I  CSendtlessage  ( 

Readlni tialPasswordlL. Laddr J , 
NetworkProcess)! 
else  EndAccessSequence CL, 

4  end  TerminalClearanceMismatchl 
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LGDL2:  Network  Process  message  (Retry  of  LOGON  or  DIAL) 


given:  Laddr:  LineAddress 

Userid:  Vir tualMachineName 
RequestedSecLevel:  ProcessName 


entry:  for  some  (L:L ineEntry)  in  Lines: 
(L. Laddr  -  Laddr 
& 

L. State  -  AttachVal idation 
& 

L.CyclePosi tion  ■  Retry) 


action:  if  Oom i nates tL.MaxSecLeva i .RequestedSecLevel! 

& 

Dom i na  t  es  [Reques  tedSecLeve I , L . M i nSecLeve 1 1 
then  L.CyclePosi tion  <-  Readlni t iaIPassuord 
L.  AttachedVfl  <-  Userid 
L. RequestedSecLevel  <-  RequestedSocLeve I 
Kerne  I  Cal  I  (Sendflessage  ( 

Readlni tialPassuordCL. Laddr) , 
NetworkProcess)) 
else  EndAccesaSequenceCL, 

Term  tna  1C  I  ear  anc8f1i  smatch) 

end 


exit:  N"L.CyclePosi tion  - 

i f  OominatesCL.flaxSecLevel .RequestedSecLevel) 
& 

Dominates [RequestedSecLevel .L.HinSucLevei ) 
then  Readlni t iaIPassuord 
else  ReEnablePending 

end 

N"L. State  - 

i f  OominatesCL.flaxSecLevel .RequestedSecLevel ) 
& 

Oominates  [RequestedSecLevel  .L.fli  nSecLeve  I ) 
then  L. State  /*  AttachVal idation  */ 
else  Free 

end 

N”L.  At  tachedVfl  ■ 

i  f  OominatesCL.flaxSecLevel  .RequestedSecLevel ) 
& 

Oom  i  na  tes  [Reaues tedSecLeve  I ,  L.  fl i  nSecLeve  I ) 
then  Userid 
else  AuthProcess 
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NHL. RequestedSecLevel  ■ 

i f  DominateetL.daxSecLevel .RequastedSecLeve  I  ] 
& 

Dam  i  nates  IReques  tsdSecLeve  I , L.  fl  i  nSecLeve  1 1 
then  RequestedSecLevel 
else  L.RcquestedSecLevei 
end 

NnPendingRequestB  • 

i  f  Oom i nates  (L. daxSecLeve  I , Request adSecLs ve  1 1 

Dorn i nates  CRequee  tedSecLeve I , L. M i nSecLeve 1 1 
then  Apoend CPend I ngRequests.Entryll 
e I se  Append IPendi ngRequests,Entru21 
end 

if  Dominates  tL.  flaxSecLeve  i  .RequestedSecLevel  1 
& 

Dominates  [RequestedSecLevel  ,L.dinF'»cLevel] 
then  KeTelCal  I ed  (Senddessage (Netuo  ‘kProcess)! 
else  KernalCal  I  edtSendflessage  (NetuorkProcess)] 

Kerne ICa ! I ed  (Senddessage (NetuorkProcess) 1 

end 

where  Entryl  -  cdsgld  ■  new  Ides sage Id! , 

Kind  ■  Ur  i  teAndReadlline, 

Command  ■  Undefined, 

Responses  -  ^Respondent  -  NetuorkProcess, 

Text  -nil, 

_  .  _  „  ,  State  -  NoResponse>) > 

EntryZ  ■  <dsgld  ■  new [dessageldl , 

Kind  •  ClearLine, 

Command  -  Undefined, 

Responses  -  URespondent  -  NetuorkProcess, 

Text  •nil. 

State  ■  NoResponse>l > 
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LG0L3:  Uoerid,  password,  and  raquaatad  security  level  validations 


given:  Laddr:  LlneAddrest 
Password:  string 

entry:  for  some  (L:LineEntry)  in  Unas: 

(L. Laddr  ■  Laddr 
& 

L. State  -  AttachVal Idation 
& 

L.CyclePosi tion  -  Readlnl tlalPasauord) 

action:  if  for  some  (0:0lrectoryEntry)  .in  UserDirectory: 

(0. Userid  -  L.AttachedVPI  * 

& 

(L. Connect  ion  ■  Logon  ■> 

0. LogonPassword  »  Password) 

4 

(L. Connect  ion  -Dial  •> 

O.DialPassword  ■  Password)) 
then  Av  perform  security  level  checks  */ 

I f  Oom i na  tea  ID. MaxSecLeve I , L . Reques  tedSecLeve  I  ] 

Q» 

Oom i nates  IL . RequeatedSecLeve I ,  M i nSecLeva  I  ] 
then  if  for  some  (A: AccessPasswordEntry) 

in  O.Acce3sPassuords: 
(A.SecLevel  -  L. RequeatedSecLeve I ) 
then  L.CyclePosi tion  <- 

ReadAccessPassword 
Kerne  I  Cal  I  CSendflessage { 

ReadAccessPassword IL. Laddr] , 
NetuorkProcess)  ] 
else  L.CyclePosi tion  <- 

Per  for mResour ceChecks 
end 

else  / v*  security  violation  */ 

EndAcceeeSequence  CL, Secur i tyV I o I  at i on] 
end 

else  Retry  CL] 

end 


ft 


H 
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\ 


ex  I  t: 


N’'L.CyciePosi  t  Ion  • 

If  for  some  (OiOirectoryEntry)  In  UeerOirectoryi 
(0. Userid  •  L. At tachedVM 

5 

(L. Connect  ion  ■  Logon  ■> 

O.LogonPassword  »  Password) 

6 

(L. Connect  ion  ■  Dial  ■> 

O.OialPassword  ■  Password)) 
then  if  Oomlnates  (O.MaxSecLeve  I  ,L. Reques tedSecLeve  I ) 
& 

OominatesIL.RequestedSecLevel  .O.MinSecLevell 
then  If  for  some  (A:AecessPassuordEntry) 
in  0. AccessPasswordst 
(A.SecLevel  -  L. Reques tedSecLeve I ) 
then  ReadAccessPassword 
else  Per formResourceChecks 
end 

else  ReEnablePending 
end 

else  if  NML.#Re tries  -  0MaxRetr les 
then  ReEnablePending 
else  Retry 

end 

end 

N"L. State  - 

if  (for  9ome  (OiOirectoryEntry)  in  UeerOi rectory: 

(D. Userid  •  L.AttachedVM 
& 

(L.Connection  -  Logon  ■> 

O.LogonPassword  ■  Paasuord) 

& 

(L.Connection  ■  Dial  »> 

O.OialPassword  •  Password)) 


& 


- (Dom i na  t  as  10. MaxSecLevs I . L . Reques  tedSecLeve I J 
S 

Dominates  IL.  Reques  tedSecLeve!  .D.flinSecLeve  I) ) ) 
I 


N"L. /(Retries  ■  /KMaxRetries 
then  Free 
else  L. State 

end 

N“L. At tachedVM  - 

if  (for  some  (OiOirectoryEntry)  in  UserOi rectory: 
(0. Userid  »  L. At tachedVM 
& 

(L.Connection  ■  Logon  ■> 

O.LogonPassword  •  Password) 

4 

(L.Connection  ■  Dial  ■>' 

O.OialPassword  •  Password) ) 


& 
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-  (Com  i  na  t es  CO.  NaxSecLeve  I ,  L .  Reques  tedSeeLeve  1 1 

o 

I  Dominates CL.RcquastedSacLevel .O.HinSecLevelJ ) ) 

N"L. ^Retries  *  tfflaxRetr les 
then  AuthProcess 
else  L.AttaehedVtl 
end 

N"L. Retries  - 

if  ~<for  some  (0«DlreetoryEntry)  In  UserDlractoryj 
(0. User fd  -  L.AttaehedVtl  w 

& 

CL. Connec 1 1  on  ■  Logon  •> 

O.LogonPassword  -  Password) 


CL. Connect  ion  ■  Dial  ■> 

O.OlalPastword  »  Password))) 
then  L.tfRetnes  +  1 
e  I  se  L./fRetr  ies 

end 

N"Pendi ngReques ts  • 

if  for  some  (OsQirectoryEntry)  in  UserD I  rectory 
fu. Userid  «  L.AttaehedVtl 
& 

(L. Connect  ion  ■  Logon  ■> 

O.LogonPaasword  -  Password) 


then 


else 


(L. Connect  ion  *  Dial  »> 

_  O.OialPassword  »  Password)) 
if  Oom  i  na  t  es  CO.  flaxSecLeve  I ,  L .  Request  edSecLa  ve  I ) 

Oom i nates  CL . Reques t edSecLeve I , D . Mi nSecLeve  I ) 
than  if  for  some  (A:AccessPasswordEntry) 
in  O.AcceasPasswords: 

(A.SecLevel  >  L.RaquestedSacLevel ) 
then  Append  [Pend i ngReques  t s , En tryl ] 
else  Pend i ngReques ts 
end 

e I se  Append [Pend i ngReques ts, Entry2) 

Gncf 

if  N"L. ^Retries  »  AIMaxRetr i es 

then  Append  CPend i ngRequea t  s , En  t ry2J 
e l se  Append  CPend I ngReques  t  s , En  tr yl ] 

end 


end 
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if  for  some  (OiOlrectoryEntry)  in  UserDirectoryt 
(D. Userid  •  L. At tachedVH 
4 

(L. Connect  ion  ■  Logon  ■> 

D.logonPassword  »  Password) 


(L. Connect  ion  ■  Dial  »> 

O.DialPassuord  *  Password)) 

•then  If  Oom i na  tes  [D, MaxSecLeve I ,  L .  Reques  t  edSecle ve  1 1 
4 


Dorn  I  na  tes  IL . Reques  tedSecLeve ! , 0. M i nSecLe ve  1 1 
then  it  for  some  (A: AccessPasswordEntry) 
in  0. AccessPasswordst 
(A.SecLevel  ■  L. Reques tedSecLeve  I ) 
then  Kerne iCa  1 1  ed  tSendMessage  ( 
NetuorkProcess) 1 
end 

else  Kerne  ICa  I  led  tSendMessage { 
NetworkProcess) ] 

KerneiCal led tSendMessage ( 
NetworkProcess) ) 


end 

else  if  N"L.#Retr ias  »  tfMaxRetr i es 

then  KerneiCal  led  ISendflessage  ( 
NetuorkProcess) ) 
KerneiCal  led tSendMessage ( 
NetworkProcess) ] 
else  KerneiCal led tSendMessage ( 
NetworkProcess) ) 


end 


end 


where  Entryl  -  <MsgId  ■  neu  [Message Idl , 

Kind  •  Ur i teAndReadLine, 

Command  -  Undefined, 

Responses  •  IxRespondent  ■  NetworkProcess, 
Text  »  ni  I , 

State  -  NoResponse>) > 

Entry2  •  <MsgId  ■  new (Message i dl , 

Kind  m  ClearLine, 

Command  ■  Undefined, 

Responses  -  URespondent  ■  NetuorkProcess, 
Text  ■  ni  I , 

State  •  NoResponse>) > 
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'.G0L4:  Perform  access  passuord  checks 


givens  l.addrs  LineAddress 

AccessPasauord:  string 

entry:  for  some  (LsL ineEntry)  in  Lines: 

(L.Laddr  -  Laddr 

6, 

L. State  ■  AttachVal idat ion 
S 

L. Cyc I ePos i t ion  ■  ReadAccessPassuord) 

error  on  •«(for  some  (OsOlrectoryEntry)  in  UserD i rectory: 

(0. Userid  »  L. Userid 
& 

for  some  (As AccessPassuordEntry) 

in  D.AccessPasswords: 
A.SecLevel  ■  L.RequestedSecLeve I ) ) ) 

action:  if  A. Password  ■  AccessPassuord 

then  L.  Cyc  I  ePos  i  t  i  on  <-  Per  f  ormRe'jourceChecks 
else  Kerne  I  Cal  I  [Sendflessage  ( 

SecViol  [L.Laddr, 

L. Attached VM, 
RequestedSecLeve 1 1 , 
QpProcess)] 

Retry [LI 
end 

end 


exit:  N"L.CyclePosi tion  ■ 

if  A. Password  *  AccessPassuord 
then  PerformResourceChecks 
else  if  L. //Retries  +  1  -  //flaxRetr  i  es 
then  ReEnablePending 
else  Retry 
end 
end 

N"L. //Retries  - 

if  A. Password  *<■  AccessPassuord 
then  L. //Retries  +  1 
else  L. //Retries 

end 

N"L. State  - 

if  A. Password  AccessPassword 

« 

N''L. //Re tr i as  ■  //flaxRetries 
then  Free 
el se  L. State 
end 
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f 

4 


N"L.At  tachedVfl  . 

if  A. Password  *<•  AccessPassuord 
& 

N"L. ^Retries  *  /SfflaxRetries 
then  AufhProcess 
else  L.AttachedVH 
end 

N"PendingRequests  ■ 

if  A. AccessPassword  ■  Password 
then  PendingRequests 
else  if  N"L.ARe tries  -  MlaxRetries 

then  Append [PendingRequests.Entryl) 
e I se  Append  fPend i ngReques  t s, En  tr y2J 
end 
end 


i  f  A. Password  *»«  AccessPassword 

then  KernelCal  ledtSendflessagetOpProcess)] 
if  L.#Re tries  +  1  «  tfttaxRe tries 
then  KernelCai  ledtSendllessagel 
NetuorkProcess) ) 
KernelCal led [SendHessaget 
NetuorkProcess) ) 
else  Kerne  (Called  tSendtlessage  ( 
NetuorkProcess)  1 

end 

end 


where  Entryl 


Entry2 


<f1sgld  *  new  tfles  sage  Id) , 

Kind  »  ClearLine, 

Command  -  Undefined, 

Responses  -  (Respondent  -  NetuorkProcess, 
Text  »  ni I , 

State  ■  NoRe3ponse>) > 

<nsgld  new  tiles  sage  Id) , 

Kind  ■  Ur i teAndReadLine, 

Command  »  Undefined, 

Responses  -  (Respondent  -  NetuorkProcess, 
Text  ■  nil. 

State  ■  NoResponse>) > 
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LGDLSs 


Perform  resource  checks 


givem  LsLineEntry  in  Lines 

DsOirectoryEntry  in  UserOirejtory 


error  on  <v(D. Userid  »  L.At taehedVtt 

ft 

■v  Shut tingOoun) 


action: 


If  L. Connection  »  Logon 

then  if  for  all  (NsNkcpEntry)  in  CurrentNkcps: 

N. Process  L.RequestedSecLevel 
then  i f  tfNkcps  <  #P!axNkcps 

then  CreateNkcp  CL . Reques tedSecLeve  1 1 
else  EndAecessSequencelL.NoNkcp) 


end 

let  (NtNkcpEntry)  in  CurrentNkcps: 

(N. Process  *  L.RequestedSecLevel)  in 
if  for  all  (V j VflEn try )  in  N.VFIs: 

V.VfIName  L.AttachedVM 
then  KernelCall  tCreateVMIL.  AttachedVfl, 
N. Process)) 


if  OK 

then  #Vt1s  <-  #Vtls  +  1 

flUsers  <-  ffUsers  +  1 
N.Vfls  <-  Append  CN.Vhs, 
cVMName  - 

L.AttachedVfl, 

Laddr  *  L.Laddr, 

Disconnected  -  false. 

Users  -  nil, 

Msg  -  ni l>) 

L.CyclePosi tion  <-  Hook i ngPer i phera I  s 
else  EndAccessSequence [L.NoVUI 
KernelCal  I  ISendflessage  ( 

Purgel fAb I e,N. Process) ) 


end 
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else  let  (VsVflEntry)  in  N.Vfls: 

(V.VfIName  •  L.AttachedVfl)  in 
i f  V. Disconnected 

then  V.Laddr  <-  L.Laddr 

V. Disconnected  <-  false 
#Users  <-  tfUsers  +  1 
KernelCal I  tSendllessage  ( 
Re0ir6ctLine  [L.Laddr, 

N. Process], 
NetworkProcess) ] 

KernelCal  I  tSendllessage ( 
ConnectedVfl  CLJ , 

N. Process) ] 

L.Cyc I ePos i t i on  <- 

Not i fyingNkcp 

el se  Retry  CL] 

end 

end 

el 9e  if  L.Conriection  ■  Dial 

then  if  for  some  (N:NkcpEntry) 
in  CurrentNkcps: 

(N. Process  ■  L.RequestedSecLeve  I 
& 

for  some  (V:Vf1Entry)  in  N.Vfls: 
{V.VfIName  -  L.AttachedVfl)) 
then  KernelCal  I  [Sendflessage ( 
ReClirectLinet 
L.Laddr, 

N. Process] , 
NetworkProcess)] 

KernelCal  I  [SendMe9sage  ( 

NewUser  tL] , 

N. Process;] 

L.CyclePosi t ion  <- 

Not i fyingNkcp 
MJsers  <-  tfUsers  +  1 
V. Users  <-  Append tV. Users, 
L.Laddr] 

eise  RetrytL] 

end 
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LG0L6: 


Attach  Oedicattd  Devices 


givens  Laddr:  LineAddress 

entry:  for  some  (LsLineEntry)  in  Lines: 

(L. Laddr  -  Laddr 

5 

L. State  -  AttachVal idat ion 

6 

L.CyclePosi tion  •  HookingPeripherais) 

error  on  ~(for  some  <N:NkcpEntry)  in  CurrentNkcpsi 
(N. Process  -  L. AttachedProcess) 

& 

for  some  (DsDirectoryEntry)  in  UserDi rectory: 
(D. User  Id  ■  L.  At  tachedVfl) ) 

ac  t i on: 

for  al I  (AsOedicatedOeviceEntry)  in  D.DedicatedDevices: 
if  for  some  (B:URPQunedOeviceEntry)  in  URPOunedOev i ces: 
(A.Raddr  ■  B.Raddr) 

then  /*  URProcess  controls  allocation  */ 
i  f  Dominates (B.flaxSecLevel  ,N. Process] 

& 

Dominates [N. Process, B.HinSecLeve I ] 
then  KernelCal I  (Sendttessage ( 

Attach (A. Raddr.N. Process) , 
URProcess)) 

L.tfAuai tingHooks  <-  L.tfAuai tingHooks  +  1 
else  L.Msg  <-  Concat  CL.flsg.Unavai  I  tA.Raddr) ) 
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else  /*  AuthProcess  controls  allocation  */ 

let  (D:NonsharableDr iveEntry)  i n  Nonsharab I eOr i ves» 
(A.Raddr  ■  B.Raddr)  in 
if  D. State  *  Avai I  able 
& 

Dominates  IB.haxSecLevel ,N. Process] 

& 

Dorn  i  na  tus  (N.  Process,  B.  II  i  nSecleve  I ) 

& 

Dominates  [B.MaxSecLevel , A. VolSeclevel ) 

& 

Dominates  (A. VolSecLevel , B.Mi nSecLeve I ) 

& 

Dominates  CN. Process, A.VolSecLevel) 
then  B, Access  <-  A. Access 

if  Write  inset  B. Access 
& 

A.VolSecLevel  N. Process 
then  B. Access  <-  Remove (B. Access, Ur i te) 
end 

KernelCal I [GrantAccess ( 

B.Raddr, 

N. Process. 

B. Access) 1 

if  OK 

then  N.AttachedOevices  <-  Append! 

N . A  t  tachedDev i ces , 

<Raddr  ■  B.Raddr, 

Access  ■  B , Access> J 
B. State  <-  AttachedTollser 
B.AttachedProcess  <-  N. Process 
L.Nsg  <-  Concat  [L.risg. 

Avai I  [A.Raddr .Access) ) 
eise  L.flsg  <-  Concat  [L. Msg, 

Unavai I [A.Raddr] ) 

end 

else  l.Msg  <-  Concat  [L.flsg, Unavai  I  [A.Raddr) ) 

end 

end 
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LG0L7:  Perform  Links  at  Logon 


givens  Laddr:  LineAddress 

entry:  for  some  (LsLineEntry)  In  Lines* 

(L. Laddr  «  Laddr 
& 

L. State  -  At tachVa I idat i on 
& 

L.CyclePosi tion  ■  HookingPer iphera I s) 

error  on  ~(for  some  (NsNkcpEntryl  in  CurrentNkepss 
(N. Process  -  L. AttachedProcess) 

& 

for  some  (DsOirectoryEntry)  in  UserDi rectory: 
(0. User  Id  -  L.AttachedVM) ) 

act i on: 


2  1 
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LGDL8t 


Response  to  message  to  NKCP  re  new  VM 


givens  VM:  V i r tua iMachi neName 
Proeesss  ProcessName 
Laddr:  LineAddrees 

entry:  for  some  (LsL ineEntry)  In  Lines: 

(L. Laddr  -  Laddr) 


error  on  .*  (L.  A  t  tachedVfl  ■  Vfl 

4 

L. State  -  AttachVal idation 
4 

L.CyclePosi t ion  •  Not i fyingNkcp) 


act  ions 


if  Responded (Process! 

then  L. State  <-  Attached 

L.CyclePosi t ion  <-  Attached 
if  L.L ineOropped 

then  KernelCall  (Sendflessage ( 

C I earL i ne (L . Laddr! , 
NetuorkProcess) ! 

end 

else  if  for  some  (NsNkcpEntry)  in  CurrentNkcps: 

(N. Process  -  Process) 
then  if  L. Connect  ion  ■  Logon 

then  Kerne  I  Cal  I  (Sendflessage  ( 
NewOrConneetedVM (L! , 

N.  Process)! 

else  Kerne  I  Cal  I  (Sendflessage  ( 
NewUser  (LJ . 

N. Process)! 

end 

else  if  L.L ineOropped 

then  KernelCal  I  (Sendflessage ( 

ClearLine (L. Laddr] , 
NetuorkProcess) ! 

L. State  <-  Free 
else  L.CyclePosi t ion  <-  • 

Per  f ormResourceChecks 


end 


end 


end 
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exit:  N"L. State  - 

It  Responded (Process) 
then  Attached 

else  If  for  all  (N:NkepEntry) 

in  CurrentNkcps: 
(N. Process  *»•  Process) 
i 

L.LIneOropped 
than  Pres 
else  l. State 
end 
end 

N"L. Cyc I ePos i t i on  ■> 

if  Responded [Process) 
then  Attached 

else  if  for  some  (NtNkcpEntry) 

in  CurrentNkcps: 

^  (N, Process  *  Process) 

L.LineOropped 
then  L.CyclePosi t ion 
else  PerformResourceChecks 
end 
end 


if  Responded (Process) 

then  Kerne  I  Cal  led  (Sendllessage(NetuorkProcess) ) 
else  if  for  some  (NsNkcpEn try)  in  CurrentNkcps: 
(N. Process  »  Process) 

then  Kerne  I Cal led(SendHessage(N.Process)] 
e/se  if  L.LineOropped 

then  KernelCal  ledtSendflessaget 
NetuorkProcees)) 
end 

end 

end 
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NKCPls  Disconnect 


given:  Process:  ProcessName 
Vfl:  V  ir  tualflachineName 
Lac'  LineAddress 
LineAction:  string 

error  on  ~(for  some  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  ■  Process) 

& 

tor  some  (LiLineEntry)  In  Lines: 

IL.Laddr  -  Laddr)) 

action:  if  for  some  (V:Vf1Entry)  in  N.Vfla: 

(V. vriName  -  VII 

& 

V. Laddr  ■  Laddr 
& 

V. Disconnected  *  false) 
then  N. v.0i sconnected  <-  true 
i f  LineAction  -  'hold' 

then  Kerne  I  Cal  I  tSendflessage  ( 

ReOirectLine (L. Laddr, 

AuthProcess) , 
NetworkProcess) 3 
else  Kerne  I  Cal  I  tSendflessage  < 

ClearLine  [L. Laddr] , 
NetworkProcess) ] 
end 

L. State  <-  Free 

L.CyclePosi tion  <-  ReEnab I ePend i ng 
tfUsers  c-  AUsers  -  1 
el9e  Av  ignore  */ 

end 


exit:  N"L. State  ■ 

if  for  some  (VsVflEntry)  in  N.Vtls: 
(V. VriName  -  Vfl 

4 

V. Laddr  -  Laddr 
4 

~V.0i sconnected) 
then  Free 
el se  L. State 

end 
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N"L.CyclePosi tion  ■ 

If  for  some  (VjVHEntry)  In  N.VHst 
(V. VHName  -  VH 
4 

V.Laddr  ■  Laddr 
4 

«V. Disconnected) 
then  ReEnab I ePend i ng 
else  L.CyclePoei tion 
end 

N" //Users  - 

if  for  some  (VjVHEntry)  in  N.VMsj 
(V, VHName  -  Yfl 
& 

V.Laddr  -  Laddr 
4 

~V. Disconnected) 
then  //Users  -  1 
else  //Users 

end 

N"Pendi ngReques ts  - 

if  for  some  (V:VHEntry)  in  N.VHss 
(V. VHName  -  VH 
& 

V.Laddr  *  Laddr 
4 

**V.0i  sconnacted) 

then  Append [Pend i ngReques  t s , En tr y) 
else  Pend i ngReques ts 

end 

if  for  some  (V: VHEntry)  in  N.VHs: 

(V. VHName  -  VH 
4 

V.Laddr  ■  Laddr 
4 

~V. Disconnected) 
then  N"V. Disconnected  »  true 

end 

Kerne  I  Cal  led (SendHessage (NetuorkProcess) ) 

where  Entry  »  <HsgId  ■  new  [Hessagel d) , 

Kind  ■  if  LineAction  ■  ’hold’ 
then  ReDirectLine 
else  ClearLine 
end. 

Command  ■  Undefined, 

Responses  -  (Respondent  -  NetuorkProcess, 
Text  »  nil. 

State  ■  NoResponse>) > 
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NKCP2i 


( 


Logoff 


given!  Process!  ProcessName 
VHt  VirtualHachineName 
LineActioni  string 
ReasonForLogof ft  Logof fReasone 

error  on  ~(for  some  (NsNkcpEntry)  In  CurrentNKcps: 

(N. Process  •  Process 
& 

for  some  (VtVHEntry)  In  N.VHet 
(V. VHName  -  VM))) 

action!  KernelCal  I  tOestroyVHtV. VHName) J 
i  f  OK 

then  /SflJsers  <-  flUsers  -  1 
#VHs  <-  #VHs  -  1 
if  V.Qisconnected 

then  case  ReasonForLogof fiLogof fReasone  of 
UserChoiesi 
error 

Forced! 

KernelCal I [SendHessage ( 

ForcedLogoff tV. VHName] , 
OpProcess) ] 

Oi sconnectedt 

KernelCal I [SendHessage ( 

Oi sconnLogoff tV. VHName] , 
OpProcess) ] 

end 

else  if  LineAction  -  ’hold’ 

then  KernelCal I [SendHessage ( 
RsOirectLinet 
V.Laddr, 

AuthProcess] , 
NetuorkProcess) ) 
else  KernelCal I [SendHessage ( 

C I earL i ne  tV . Laddr ] , 
NetuorkProcess) ) 

end 

L. State  <-  Free 

L.CyclePoai tlon  <-  ReEnablePending 
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case  ReasonForLogof f :Logof fReasons  of 

UserChoice: 

Kerne  I  Cal  I  [Sendflessage  ( 

Logoff  t 
V,  VtIName, 

V.Laddr, 
ffUsers! , 

QpProcess)] 

Forced: 

Kerne  I  Cal  I  [Sendflessage  ( 

ForcedLogof  f  TV.  VfIName] , 
OpProcess)] 

Disconnected: 

error 

end 

'id 

for  all  (U:L ineAddress)  in  V. Users: 

Kerne  I  Cal  I  [Sendflessage  ( 

ClearLine CU1 , 

NetworkProeess)! 

KernelCal  I  [Sendtleseage ( 

Dropped  [V, U1 , 

OpProceee)] 

MJsers  <-  #Users  -  1 

let  (Lin«:L ineEntry)  in  Lines: 

ILine.Laddr  »  U)  i « i 
Line. State  <-  Free 

Line.CyclePosi tion  <-  ReEnab I sPending 
Vfls  <-  Remove  [Vfls.V] 

KernelCal  I  [Sendflessage ( 

SystemResourceUseCN.  Process, VM! , 
AcntProcess)] 

else  KernelCal  I  [Sendflessage! 

VMNotOestroyedtvn] , 

N. Process)! 

end 

exit:  N"#Users  » 

if  OestroyedVfl 

then  #Users  -  C"Y. Users  -  1 
else  tfUsers 
end 

N"#Vf1s  . 

if  OestroyedVfl 
then  FVfls  -  1 
else  #VMs 

end 
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N"N.Vfl*  • 

If  OestroyedVM 
4 

-  V.Oi sconnected 
then  Remove  [N.VMs.V] 
else  N.Vfls 

end 

N"PendingRequests  - 

If  OestroyedVM 

**  V.O I sconnected 
then  If  LineActlon  -  ’hold' 
then  union  oft 

Append CPsndingRequests.Entryll , 
set:  for  all  (U:LineAddress) 
in  V. Users: 

Entry2) 

el se  union  of  ( 

Append [Rend  I ngRequests,Entry2) , 
set:  for  all  (UtLIneAddress) 
in  V. Users: 

Entry2) 

end 

else  PendingRequests 
end 

for  all  (U:L ineAddress)  in  V. Users: 

for  some  (Line:LineEntryi  in  Lines: 

(Line.Laddr  ■  U 
& 

NHLine. State  ■  Free 
S 

N"Line.CyclePosi tion  •  ReEnablePending) 

Kerne  I Ca 1 1 ed  (Oes troyVM (V. VMName) J 
if  OestroyedVM 

then  if  V,0i sconnected 

then  Kerne iCal I ed ISendMessage (OpProcess) ] 
else  KernelCal I edtSendMessage (OpProcess)] 
Kerne  I Ca 1 1 ed [SendMessage ( 
NetuorkProcess)) 

KernelCal ted (SendMessage ( 

NetuorkProcess) J 
KernelCal led (SendMessage ( 

AcntProcess) ) 

for  al I  (U:LineAddress)  in  V. Users: 
(Kerne ICal led [SendMessage ( 
NetuorkProcess) ) 

Kerne ICa 1 1 ed [SendMessage ( 
NetuorkProcess)] 

el se  KernelCal I ed [SendMessage (N. Process) ] 
end 
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where  Entryl  ■  <Msg!d  ■  new  (flessageld) , 

Kind  «  ReOirectLine, 

Command  ■  Undefined, 

Responses  ■  (Respondent  ■  NetworkProcess, 
Text  ■  nil. 

State  ■  NoRr ,ponse>) > 
bntry2  -  <Msgld  »  new  (Message  Id) , 

Kind  -  Cl earL ine. 

Command  -  Undefined, 

Responses  ■  (Respondent  ■  NetworkProcess, 
Text  —  nil. 

State  ■  NoResponse>l > 
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OPl:  Autolog 


given;  Userid:  Virtual flachineName 

RequestedSecLevel:  ProcessName 
Password:  string 
AccessPassword:  string 

error  on  ~(for  some  (D:DirectoryEntry)  in  UserDirectory: 
(D. Userid  ■  Userid 
& 

D.LogonPassword  -  Password 
& 

Dorn i nates  (0. MaxSecLeve I , Deques tedSecLeve  1 1 
& 

Dominates  [RequestedSecLevel  ,D.f1i  nSecLeve  I  ] 

& 

0. I p IPef i ned  -  true 
& 

for  all  (A: AccessPasswordEntry) 

in  0. AccessPasswords: 
HA.SecLevel  ■  RequestedSecLevel)  -> 

(A. Password  -  AccessPassword))) 

& 

~  Shu  1 1  i  ngOown 
& 

tfVfls  <  AMaxVMs) 

action:  if  for  all  (N: NkcpEntry)  in  CurrentNkcps: 

(N. Process  <**»  RequestedSecLevel) 
then  if  #Nkcps  <  AMaxNkcps 
& 

#vris  <  wiaxvris 

the'-  Kerne ICal  I  CCreateProcess  ( 
AddressSpaceS i ze, 
CodeSize, Code)] 

if  OK 

then  AddNkcpToSet t 

RequestedSecLevel ) 
else  Kerne  I  Ca  i  I  [Sendflessage  ( 
NoNkcp, OpProcess) ) 
ex  i  t 

end 

else  KernelCal I ISendhessage (NoNkcp, 
OpProcess) ) 

ex  i  t 
end 

end 

let  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  ■  RequestedSecLevel)  in 
KernelCal I  (CreateVM (Userid, N. Process)] 
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if  OK 

then  #Vf1s  <-  tfVfls  +  1 

AUsers  <-  #Users  +  1 

N.VMs  <-  Append [N.VMs,  <Vf1Name  «  Userid, 

Laddr  ■  ??, 
Disconnected  -  true, 
Users  -  n i I >] 

KernelCal  I  rSendf1essage ( 

Auto  log [User  Id, N. Process] , 

OpProcess) ] 

/*  AttachDevicesCN.DJ 
PerformLinksCN.D]  */ 

KernelCal  I  [Sendflessage  (NeuVM  (]  ,N. Process)  ] 
e  I  se  KernelCal  I  [Sendflessage  (NoVIISpace, OpProcess)  ] 
KernelCal  I  [Sendflessage ( 

Pur gel fAble.N. Process) ) 
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UR2  and  0P2:  flap  user  id 


given:  Userid:  VirtualflachineName 
Requester:  ProcessName 


entry;  Requester  inset  (OpProcess,  URProcessl 

action:  if  for  some  (N:NkcpEntry)  in  CurrentNkcps: 

for  some  (V:YMEntry)  in  N.VMs: 
(V.VtIName  ■  Userid) 

then  KernelCal  I  tSendflessage  (User  I  dflapped  t 

Userid,  N. Process), 
Requester) 1 

e  I  se  Kerne  ICa  I  i  tSendflessage  (User  I  dflapped  [ 

Userid,  ni I) , 
Requester) ) 
end 

exit:  Kerne  ICa!  led  (Sendflessage  (Requester) ) 
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0P4b:  Detach  of  shared  device  (by  operator) 


given:  Raddr:  OeviceAddreee 

entry:  for  some  (S:SharableOr iveEntry)  in  Sharab I eOr i ves: 

S. Raddr  ■  Raddr 

action:  case  S.  S  t<?  te:  Sharab  I  eOr  iveStatus  of 
Avai table: 

Kerne  I  Cal  I  (Sendtlessage  ( 

Detached CS. Raddr] , 

OpProcess) 1 

0  f  f L ine : 

Kerne  I  Cal  I  (Sendtlessage  ( 

Offline (S. Raddr] , 

OpProcess) ) 

AttachedToSystem: 

if  for  some  (Ms  fl  i  n  i  D  i  skEntry)  in  MiniOisks: 
(M.ContainingVolume  ■  S.MountedVolume 
& 

~Emp  ty  (fl.  Pr  ocessL  inks)' 
then  Kerne  iCat  I  (Sendtlessage ( 

NotCurrent lyOetachab! e  CS. Raddr! , 
OpProcess) ] 

else  Kerne (Cat  I UsOeviceReleasable(S.Raddr)] 
if  OK 

then  Kerne  I Ca l I  (ReleaseDevice( 

S. Raddr) ) 

if  OK 

then  Kerne  I Ca I  I ( 

Sendtlessage  ( 

*  Detached  (S. Raddr] , 

OpProcess) ] 

S. State  <-  Available 
let  (VtSharedVolumeEntry) 
in  SharedVo I umes: 
(V.MountedQev i ce 

S.MountedVolume)  in 
V. State  <-  NotMounted 
e  I  se  Kerne ICa i I ( 

SendMessage ( 
NotOetached  C 
S. Raddr] , 
OpProcess) ] 
end 
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exit: 


i 


i 


V.V. f  .*■ 


end 


end 


else  kernelCal  I  CSendMessage ( 

NotCurrent lyDetachab !e  C 
S.Raddr] , 
OpProcess)  1 

end 


N"S. State  - 

if  S. State  -  AttachedToSystem 
8 

for  all  (MjfliniDi  skEntry)  in  MiniDisks: 

(M.Cont?  iningVolume  ■  S.MountedVolume  - 
Empty  CM. CurrentLinks] ) 

8 

Dev  ice  I sRe leasable 
8 

Dev i ceRe I  eased 
then  Avai table 
el se  S. State 
end 

f  S. State  «  AttachedToSystem 
8 

for  all  (M:MiniOiskEntry)  in  fliniDisks: 
(M.ContainingVolume  ■  S.MountedVolume  -> 

Empty  CM. CurrentL inks] ) 

8 

Device! sRe I easab I e 
8 

DeviceReleased 

then  for  some  (V;SharedVolumeEntry)  in  SharedVolumes 
(V.MountedOevice  •  S.MountedVolume 


N"V. State  «  NotMounted 
8 

N"V.MountedOevice  -  nil) 


Kerne  I Ca I  led  CSendMessage (OpProcess) ] 
if  S. State  ■  AttachedToSystem 

then  if  for  all  (M:M i niDi skEn try)  in  MiniDisks: 

(M.ContainingVolume  ■  S.MountedVolume 
Empty  CM. CurrentL i nksJ ) 
then  Kerne  I  Cal  I ed  Cl sOev iceRe I easab I eJ 
if  Dev i cel sRe I easab I e 

then  kerne iCa I  I ed CRe I saseDev i cel 
end 
end 


end 
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0P4as  Detach  of  nonshared  device  (by  operator) 


given*  Raddrs  DeviceAddress 

entry:  for  some  (NStNonsharableOriveEntry) 

in  Nensharab I eOr i ves: 

NS.Raddr  ■  Raddr 

action:  case  NS. State:  OriveStatus  of 

Of  fLine: 

KernelCal  I  tSendtlessage  ( 

Of  fL I ne [NS.Raddr] , 
OpProcess) ] 

OetachPending: 

/*  ignore  */ 

Avai table: 

KernelCal  I  [Sendflessage ( 

Detached  [NS.Raddr] . 
OpProcess)] 

At  tachedToUser: 

KernelCal  I  [Sendflessage ( 

Re  I i nqu i shDev i ce [NS.Raddr] , 
NS. A  t  tachedProcesa) ] 

NS. State  <-  DetachPending 

end 
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exit:  N"NS. S tate  ■ 

if  NS. State  ■  AttachedTollser 
then  DetachPending 
else  NS. State 
end 

N"PendingRequests  ■ 

if  NS. State  ■  At tachedToUeer 

then  Append tPendingRequests, Entry] 
else  PendingRequests 
end 

if  NS. State  ■  AttachedTollser 

then  KernelCal I  CSendMessage (NS. A t tachedProcess) 1 
else  if  NS. State  inset  (QffLine,  Available) 

then  Kerne  I Ca I  led tSendflessage (OpPr ocess ) ] 

end 

end 

where  Entry  -  <f1sgld  -  new  tflessagel d] , 

Kind  -  Re  I inqui shOevice, 

Command  -  DETACH*-RA00R, 

Responses  -  URespondent  -  NS.AttachedProcess, 
Text  »  nil. 

State  -  NoResponse>) > 


I 


3  December  1977  System  Development  Corporation 

Authorization  Process  TM-6062/111/00 

I 

i 

OPSas  Vary  (both  online  and  offline)  of  shared  device 


1  givens  Raddr:  OeviceAddress 

Parameters  string 

entrys  for  some  (SsSharableOr i veEntry)  In  SharableOr ivess 
S. Raddr  -  Raddr 

error  on  Parameter  «*inset  I'online,  ’offline’) 

actions  if  Parameter  -  'online' 

then  error  on  S. State  OffLIne 

S. State  <-  Avai lable 
Kerne iCa I  I (Senddessago ( 

Online  (S. Raddr) , 

OpProcess) ] 

else  /*  parameter  -  ’offline’  >»/ 

error  on  S. State  **•  At tachedToSystem 
v  S. State  <-  OffLine 

Kerne  I  Cal  I  (Sendttessage  ( 

Of fLineCS. Raddr] , 

OpProcess)  ] 

end 

exits  N"S. State  » 

'  i f  Parameter  -  ’online’ 

then  Avai I  able 
e I se  Offline 

end 

Kerne  I Ca  I  I  ed  (Sendflessage  (OpProcess) ) 
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OPSbs 


Vary 


(both  online  and  offline) 


of  nonshared  device 


given*  Raddr!  OeviceAddress 
Parameter*  string 

entry*  for  some  (NS*NonsharableDr i veEntry) 

in  NonsharableUr ives* 

NS. Raddr  »  Raddr 

error  on  Parameter  «.inset  {'online*,  'offline') 

action*  if  Parameter  -  ’online’ 

then  error  on  NS. State  Offline 
NS. State  <-  Available 
KernelCal  I  CSendflessage ( 

Online  (NS. Raddr] , 

OpProcess) ) 

else  Av  parameter  ■  ’offline’  */ 

error  on  NS. State  ~inset  (OffLine, 

Avai I  able) 

NS. State  <-  OffLine 
KernelCal  I  (Sendflessage  ( 

0  f  f L i ne (NS. Raddr ] , 
OpProcess)) 

end 

exits  N"NS. State  - 

if  Parameter  «  ’online' 
then  Avai table 
else  OffLine 

end 

Kerne  iCal  I  ed  (Sendflessage (OpProcess) ) 
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OPSas  QUERY,  with  parameters! 

OASO 

LINES 

GRAF 

ALL 

NAMES 

USERS  with  no  further  parameter 
entry:  true 

action:  use  table  information  to  create  message 
Kerne ICal I  (Senddessage (Info.QpProcess) 1 

exit:  KernelCai  ledtSend(1eseage(0pProcess)l 
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OPSbt  QUERY,  with  parameters: 

racklr 

SYSTEM  raddr 


given:  Raddr:  OeviceAddress 

error  on  •vtfor  some  (S: Sharab I eOr iveEntry)  in  SharableOr i ves: 
(S. Raddr  -  Raddr) 

I 

for  some  (NS: Nonsharab I eOr iveEntry) 

in  Nonsharab I eDri ves: 

(NS. Raddr  •  Raddr)) 

action:  u9e  table  information  to  create  message 
KernelCal  I  (Senoflassagednfo.QpProceasn 

exi  t:  KernelCal I ed (Sanddessage (QpProcess) ) 
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OPSe:  QUERY,  with  parameters! 

USERS  userid 
user i d 

given:  Userid:  Vir  tualllachineName 
entry:  true 


action: 


if  for  some  (NiNkcpEntry)  in  CurrentNkcps: 
for  soma  (ViVtlEntry)  in  N.Vtla: 

V.VIIName  ■  Userid 

then  use  table  information  to  create  message 
KernelCal  I  (Sendfleseagel  Info,  OpProcess)] 
else  KernelCal  I  tSendflessagelNoSuchUeer  [User  Id! , 

OpProcess) 1 


end 


exit:  KernelCal  I ed  ISendflessage (OpProcess)  1 
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0P7:  LOCATE-RADOR 


given:  Raddr:  Dev i ceAddress 

entry:  for  some  (NSiNonaharableDr iveEntry) 

in  NonsharableOr ives: 

NS. Raddr  •  Raddr 

action:  if  NS. State  *  AttaehedToUser 

then  KerneiCal  I  (Sendflessage  ( 

Locate  (NS. Raddr] , 

N. Process)! 

else  KerneiCal  I  (Sendflessage ( 

OeviceNotOunedlD. Raddr] . 

OpProcess)] 

end 

exit:  N"PendingRequests  - 

if  NS. State  ■  AttaehedToUser 
then  Append  (Pendi ngRequests, 

<f1sgld  -  neu  (Message!  d] , 

Kind  •  OpRequest, 

Command  •  L0CATE*-RA0DR, 
Responses  -  I 

<flespondent  -  NS.AttachedProcess, 

Text  ■  nil. 

State  ■  NoR#spon$e>) >] 
else  Pendi ngRequests 
end 

if  NS. State  ■  AttaehedToUser 

then  Kerne iCa I  I ed (Sendflessage (NS.AttachedProcess) ] 
else  KerneiCal  led  (Sendflessage  (OpProcess)] 
end 
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0P8;  Shutdown 

entry}  true 

action:  ShuttingOown  <-  true 
exit:  N"Shut t i ngOown  ■  true 
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0P3:  Attach  (nonsharable  disk  drive)  Device 


given:  Raddr:  DeviceAddress 
Process:  ProcessName 
Vo  I SecLeve I :  ProcessName 
Access:  set  of  Accessflodes 


entry:  f0r  some  (NS:NonsharableOr i veEntry) 

in  NonsharableDr i ve8: 
(NS. Raddr  •  Raddr) 


error  on  "(for  some  (N:NkcpEntry)  in  CurrentNkcpe: 

(N. Process  ■  Process 
& 

for  all  (A: AttachedDeviceEntry) 

in  N.AttachedOevices: 
(A. Raddr  Raddr) 

& 

NS. State  ■  Free 
$ 

Dominates  IN. Process, Vo  I SecLeve I ) 

& 

Dominates  [NS.MaxSecLevei ,N. Process] 

$ 

Dom  i  nates  [N. Process, NS. tt  i  nSecLeve  I  ] 

<S 

Oom i na  tea  [NS. MaxSecLeve I , Vo  I SecLeve I ) 

& 

Dominates  CVolSecLevel , NS. Mi nSecLeve II ) 

& 

"Empty (Access] 

& 

"  Shut  t ingOoun) 
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act iont 


NS. Access  <-  Access 
if  Urite  inset  NS. Access 
& 

VolSecLevel  N. Process 

then  NS.  Access  <-  Remove  [NS.  Access,  Ulr  i  te) 


end 

if  Empty  INS. Access) 

then  KernelCal  I  ISendflessage  ( 

NoAccess  INS. Raddr.N. Process) , 
OpProcess) 1 

else  KernelCal I  IGrantAccess ( 

NS.Raddr, 

N. Process, 

NS. Access)) 
i f  GrantedAccess 

then  KernelCal I  ISendflessage! 

Attached [NS.Raddr) , 

N. Process) ) 

KernelCal  I  ISendflessage! 

Attached! 

NS.Raddr, 

NS. A  t  tachedProcess) 
OpProcess) ) 

NS. State  <-  Attached 

NS. At tachedProcess  <-  N. Process 

N.AttachedDevices  <-  Append! 

N. A  t  tach-dDev i ces, 

<Raddr  *  NS.Raddr, 

Access  •  NS.Access>) 
else  KernelCal  I  ISendflessage ( 
CannotAttachl 
NS.Raddr, 

N. Process] , 
OpProcess) ) 


end 


end 


K 
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e*>tf  N”NS. Access  - 

if  Urite  inset  Access 
& 

VolSecLevef  "■  N. Process 
then  Remove [Access, Ur i tej 
else  Access 
end 

N"NS. State  . 

if  "Empty [N"NS. Access! 

& 

GrantedAccess 
then  Attached 
else  NS. State 
end 

N' NS. A t tachedProcess  ■ 

if  "Empty IN"NS. Access! 

& 

GrantedAccess 
then  N. Process 
else  NS. At tachedProcess 
end 

N"N. A t tachedOev i ces  ■ 

if  "Empty (NnNS. Access! 

4 

GrantedAccess 

then  Append  INS. At tachedOev ices. 
cRaddr  -  NS.Raddr, 

Access  -  NS. Access>J 
else  N. At tachedOev ices 


else 


'  f  Empty  [N"NS. Access! 

then  Kernel  Cal  ledCSendflessagefDpProcessI! 

Kerne  I Cal  led (Gran tAccess! 
i f  GrantedAccess 

then  Kerne  I  Cal  led  CSendflessage  (N.  Process!! 
Kerne  Cal  edfSendflessagelOpProcess)] 
d°  S*  *®rne,Cal  ledCSendriessagelOpProcess)! 


end 
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L'Rlt  URProcess  request:  need  Nkcp 


givent  Roques tedSecLeve I t  Pr ocessName 
Raddr:  DeviceAddress 

entry:  true 

error  on  for  all  (DtURPOunedDeviceEntry)  In  URP0unedDevice9t 
D. Raddr  Raddr 

action!  let  (DtURPOunedDeviceEntry)  in  URPOwnedOevices: 

(D. Raddr  •  Raddr)  in 

if  for  some  (NtNkcpEntry)  in  CurrentNkcps: 

(N. Process  -  RequestedSecLevel ) 
then  Kerne ICal I  (Sendflessage  ( 

AddedNkcp  (N. Process, 0. Raddr] , 
URProcess)] 

else  if  Dominates CQ.ftaxSecLevel .RequestadSecLeve I ] 
i 

Dominates  (RequestedSecLevel .D.flinSecLeve I ] 

« 

tfNkcps  <  dMaxNkcps 

then  Kerne iCal I  (CreateProcess ( 

AddressSpaceS i ze, 

CodeS i ze.Code) ] 

if  OK 

then  AddNkcpToSet [RequestedSecLeve  I  ] 
Kerne  I  Cal  I  (Sendflessage ( 
AddedNkcp  t 

RequestedSecLevel , 

D. Raddr] , 

URProcess) ] 

else  Kerne  ICal  I  (Sendflessage  ( 

Cannot AddNkcp ( 

f  RequestedSecLevel, 

D. Raddr] , 

URProcess) J 
end 

else  Kerne  I  Cal  I  (Sendflessage  ( 

Cannot AddNkcp ( 

RequestedSecLevel , 

D. Raddr] , 

URProcess) ] 

end 

end 
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exit;  N"#Nkcps  - 

if  for  all  (NiNkcpEntry)  In  CurrentNkeps: 

(N. Process  *»-  RequestedSecLevel) 

4 

Dominates  (D.flaxSecLeve I , Request edSecLeve  1 1 
4 

Dorn i na  t es tReques  tedSecleve I , D . M I nSecLe ve  I  ] 
j 

tfNkcps  <  fltlaxNkcps 
4 

CreatedProcess 
then  tfNkcps  +  1 
else  #Nkcps 

end 

N”CurrentNkcps  - 

if  for  all  (NsNkcpEntry)  in  CurrentNkeps: 

(N. Process  RequestedSecLevel ) 

4 

Dominates  [D.flaxSecLeve I  .RequestedSecLevel  1 
4 

Dominates [RequestedSecLevel , D.MInSecLeve 1 1 
& 

#Nkcps  <  tfflaxNkeps 
4 

CreatedProcess 

then  Append  [CurrentNkeps, Entry] 
else  CurrentNkeps 

end 


if  for  some  (NsNkcpEntry)  in  CurrentNkeps: 

(N. Process  ■  RequestedSecLevel) 
then  KernelCal  I ed CSendflessage  (URProcess)  ] 
else  if  Dominates [D.flaxSecLeve I .RequestedSecLevel] 
4 

Dominates (RequestedSecLevel .D.flinSecLeve I J 
4 

flNkcps  <  tfflaxNkcps 
then  KernelCal I ed (CreateProcess) 
if  CreatedProcess 

then  Kerne ICa II ed  (SendMessage ( 
URProcess) ] 

Kerne ICa 1 1 ed [SendHessage ( 
OpProcess) ] 

KernelCal  I  ed  CSendflessage  ( 
URProcess! I 

else  KernelCal  led  CSendflessage ( 
URProcess) ] 


end 

else  KernelCal  led  CSendflessage  (URProcess)] 

end 


end 


( 
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^l.djr'0'***  nmn"  »«  *»'»  •ttechwnt  r.qu.#(  l.tuch 


Qiveni  Raddri  DevIceAddrasa 
Proccsai  ProeaaaNama 
Latklrt  LfneAddress 

error  .  In  URfOnn.oO.vic.,, 

^ZS&VESSr*  '"u— 

5 

L.Stata  «  AttachVai idatlon 
UCycJePoai  tion  -  HooklngParipharala 
L.tfAuai t ingHooks  >0)) 

act.onj  L.MuaitingHooks  <-  U.#Au«l  tingHooka  -  1 
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exits  NT.WAuai  t  IngHooks  -  L.tfAuai  t  IngHooks  -  1 
N"l.f1scj  .  Concat  (L. flag, Aval  I  (A.Raddr)  1 
N"L.CyclePosi tlon  • 

if  N"L.Aual t IngHooks  ■  0 
then  Not  I fyl ngNkcp 
else  L.CyclePos! tion 
end 

N"Pendi ngReques ts  » 

If  NML.#Aual t IngHooks  -  0 

then  Append (Pend  I ngReques t s , En try] 
else  Pend  I ngReques ts 

end 

if  N"L.Awai t IngHooks  •  0 
then  if  «L.LineDropped 

then  KernelCal  led  (Sendf1easage( 
NetuorkProcess)] 
end 

Kerne  I Ca 1 1 ed (SendMessage (N. Process) ] 

end 

uhere  Entry  -  cflsgld  <*  new  (fie  s  sags  Id] , 

Kind  ■  NeuVM, 

Command  -  Undefined, 

Responses  ■  (Respondent  ■  NetuorkProcess, 
Text  •  nil. 

State  »  NoResponse>) > 
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1  UR3bi  URProcaaa  rcsponaa  to  davlca  attachment  raquaat  (attach 
fai led) 


givent  Raddr t  OeviceAddreaa 
Proceaai  ProcaaaNama 
Laddr:  LinaAddraaa 

error  on  <*»(for  soma  (A:URPOunedOevlceEntry)  In  URPOunadOavIcaat 
(A.Raddr  •  Raddr) 
ft 

for  some  (NtNkcpEntry)  In  CurrentNkcpa: 

(N.Procaaa  •  Proceaa) 
ft 

for  some  (L : L IneEntry)  In  Llnaai 
(L. Laddr  •  Laddr 
ft 

L. State  -  AttachVal idat ion 
ft 

L.CyclePoal tlon  •  HooklngPer ipheral a 
5 

L./lfAuai  tingHooka  >  0)) 

actiont  L.WAuai t IngHooka  <-  L.dAual t IngHooka  -  1 
L.Hag  <-  Concat  (L. flag, Unaval  I  tA. Raddr]  3 
TryNot i fyingNkcp(L3 


201 


( 


9  December  1977 
Authorization  Proceaa 
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.  N"L.»ftu«ltlnoHookf  •  L.WukltlnoHookt  -  1 

N"L.t1«q  «  Concat  CL. Hag, Unaval  I  tA.Reddrj  1 
N"L.CyclcPoal tlon  - 

it  N"L.Aual tlngHooke  -  0 
than  NotlfyingNkcp 
a  I  at  L.CyelaPoa1 tlon 
end 

N"Pendingflequeeta  • 

if  N"L.#Awal  tingHooka  -0  _  k  , 

then  Append tPend I ngRequeat a, Entry! 
alee  Pend i ngRequea t a 
and 

if  N"l*Aual tingHooka  •  0 
than  If  "C.LmaOroppad 

then  Kerne  I Ca 1 1  ad  tSandNesaage  l 
NatworkProceaa) J 

Kerne  I  Ca  1 1  ed  tSandtleaeage  IN. Proceaa)  1 

end 


where  Entry  ■  <Magld  •  newtfleeaageldl  < 

Kind  ■  NeuVH, 

Command  ■  Undefined, 

Responeta  •  IReapondent  -  NetuorkProcaae, 
Text  •  ni I , 

State  •  NoResponae>l > 
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NKCP3:  Drop  User 


given!  Process:  ProcessName 
Vfl:  Vir tualdachlneName 
Lacidrt  LinaAddrass 

error  on  «(for  some  (NtNkcpEntry?  in  CurrsntNkcpei 
(N. Process  •  Process 
& 

for  some  (V:VttEntry)  in  N.VMs: 

(V.VfIName  -  VII 

4 

for  some  (UiLineAddreas)  in  V. Users: 

U  •  Laddri) 

4 

for  some  (LiLineEntry)  in  Lines: 

(L.Laddr  r  Laddr 
& 

L. State  «  Attached 
4 

L. Connect  ion  ■  Dial 
4 

L.AttachedVM  •  Vfl)) 

action:  L. State  <-  Freo 

L.CycicPosi t ion  <-  ReEnab I ePend i ng 
Kerne  I  Cal  I  CSendHessage(ClearLine [L.Laddr] . 
NetuorkProcess) ] 

KernelCsl  I  (Sendflassage (Dropped CVI1, U3 , 

OpProcessi] 

N.V. Users  <-  Remove (N.V. Users, U1 
Kerne  I  Cal  I  (Sendflassage  ( 

Sys  temResourcsUse IN. Process , Vfl) , 
AcntProcess) J 

exit:  N"L. State  ■  Free 

N"L.CyclePosi tion  »  ReEnab I ePend ing 
N“N.VlUsers  •  Remove  IN. V. Users, U] 
N"PendlngRequests  ■  Append (Pend ingRequests, 

<(1sgid  ■  neu (Hessagel d] , 

Kind  ■  ClearLine, 

Command  »  Undefined, 

Responses  ■  (Respondent  ■  NetuorkProcess, 
Text  ■  nil. 

State  •  NoResponse>) >) 

KerncICal  I ed (Sendflassage (NetuorkProcess) ] 
KernelCal  I  ed  (Sendflassage  (OpProcess)  ] 

Kerne  I Ca I  led  (Sendflessage (AcntProcess) J 


203 


9  {December  1977 
Authorization  Process 


System  Development  Corporation 
TM-6062/1 11/00 


NTUK3:  Link  passuord  received 


given:  Process:  Procet>sName 
Passuord:  string 
Requester:  Virtual MachlneName 
Laddr:  LineAddress 
User:  Vir tualMachineName 
MiniOisk:  MiniDiskName 
ReqAccess:  LinkAccess 

entry:  for  some  (ULineEntry)  in  Lines: 

(L. Laddr  ■  Laddr 
$ 

L. State  ■  Attached 
& 

L.CyclePosi t ion  •  ReadLinkPassuord) 

error  on  «<(for  some  (N:NkcpEntry)  in  CurrentNkcps: 

(N. Process  *>  Process)) 

action:  KernelCall  CSendMessage ( 

ReDirectLine  [L. Laddr, N. Process) , 

Ne tuorkProcess) ) 

L.CyclePosi t ion  <-  Attached 

let  (D:DirectoryEntry)  in  UserD i rectory: 

(0. Userid  -  User)  in 
if  U.L i nkPassuord  -  Password 

then  let  If1:f1ini0i  skEntry)  in  MiniDisks: 

(M.flOName  •  MiniOisk)  in 
let  (V:SharedVolumeEntry)  in  SharedVolumes: 

(V. Volume  •  M.ContainingVolume)  in 
if  V. State  •  Mounted 

then  let  (S:SharableDr iveEntry) 

in  SharableDr i ves: 
(S.Raddr  »  V.MountedDevice)  in 
if  S. State  -  At tachedToSystem 
then  /*  WHEW!  everything  is  OK 
to  actually  process  the 
link  request  */ 
let  (A:ACLEntry) 

in  M. AccessContro I L i s t 
(A. User  »  Requester)  in 
Exam i neL i nkAccess  CN, M, 
ReqAccess] 

else  NoL ink  [Devi ceNotReady) 
end 

else  NoLinklVolumeNotMounted) 
end 

else  NoL i nk II  1 1 ega IPassuord) 

end 
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macro  Nolink  (Reason]  • 


kerne ICa 1 1  [Sendflessaget 

CannotLinkl 

Requester, User, 
Laddr.MiniOi sk. 
Reason! , 

N. Process)] 
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macro  Exam i neL i nkAccess [NsNkcpEntry  in  CurrentNkcps, 

flsdiniOi sktntry  In  MiniDisks, 
AccesssLinkAccess]  ■ 

case  Access:L inkAccess  of 
R: 

if  for  all  (C:ProcessLinkEntry)  in  tl.CurrentLinkss 
Write  -inset  C. Access 
then  Link!  (Read! ] 
else  Not  ink tPrev iousWr I teLinkJ 

end 


HR? 

L ink  C IReadl ] 


if  Write  inset  A.Acces3 

then  if  Empty  III. CurrentLinks] 
then  Link  t  fWr i te) 1 
else  NoL ink tPrev iousL ink! 
end 

else  NoL ink  [NoWri tePermi ss ion] 

end 


if  Write  inset  A. Access 

then  if  Empty [fl.  CurrentLinks] 
then  Link  ( (Ur i tel  ] 
else  L i nk  ( (Read)  ] 

end 

else  /*  choices?  LinkUReadi] 

NoL ink {NoWri tePermi S3  ion] 
NoL ink [NoUr i tePermi ss ion] 

end 


Ms 

if  Write  inset  A, Access 

then  if  for  all  (CjProcessL i nkEntry) 

in  tt. CurrentLinks: 
Urite  -inset  C. Access 
then  L ink  C  (Ur i tel ] 
else  NoL ink [PrsviousUr i teL ink] 

end 

else  NoL i nk CNoUri tePermi ss ion] 

end 


ft/ 
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if  Urite  inset  A. Access 

then  if  for  all  (CsProcessLInkEntry) 

in  H.CurrentLinks: 

Urite  ~inset  C. Access 
then  Link  [  (Ur i tel  1 
else  Link!  (Read)] 

end 

else  /*  choices:  Link [(Read)] 

NoLinkCNoUri tePermi ssionj  */ 
NoL i nk [NoUr i tePerm i ss i on] 

end 


MU: 

if  Urite  inset  A. Access 
then  L ink  [  lUr i tel  ] 
else  NoL inkINoUri tePermi ss ion] 

end 


end 
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macro  L ink (Access: set  of  AccessModesl  • 

Av  given!  NjNkcpEntry  in  CurrentNkcps 

PI : M i n i D i  sktntry  in  flinlQisks  #/ 

if  for  some  (CsProccssL inkEntry)  in  fl. Current!. inks! 

C. Process  ■  N. Process 

then  Av  process  already  has  a  link  to  this  minidisk: 
increase  rights  if  necessary  */ 
let  (NC:hOL inkEntry)  in  N. Links! 

(NC.flDName  ■  n.flOName)  in 
if  Access  C. Access 

then  if  Read  inset  Access 
& 

Read  <«inset  C. Access 
then  Av  in  first  cut  of  system, 
all  links  include  read 
permission!  should  never 
get  here  */  ' 

Kerne ICal I (GrantAccess ( 

N.  Process,  M.IIQName,  (Read!)] 
if  OK 

then  C. Access  <-  Append! 

C. Access, Read! 
NC. Access  <-  Append! 

NC. Access, Read] 
else  NoLink (NotOKl 
end 
end 

if  Ur i te  inset  Access 
& 

Urite  «*inset  C. Access 
then  Kerne ICat 1 (GrantAccess ( 

N. Process, II. nOName,  (Uritei)] 
if  OK 

then  C. Access  <-  Append! 

C. Access, Ur i te] 
NC. Access  <-  Append! 

NC. Access, Ur i te] 
else  Nolink ENotOK] 
end 

end 

else  Av  not  necessary  to  increase  rights 
then  why  did  NKCP  ask  for  it??  */ 


2E3 


end 
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else  Kerne ICa I  I  (GrantAccess ( 

N.  Process,  fl.flDName,  Access)  ] 

if  OK 

then  fl.CurrentLinks  <-  Append! 
fl. Current!,  inks, 

<Process  «  N. Process, 
Access  ■  Access>] 

N. Links  <-  Append! 

N. Links, 

<f1DName  ■  H.flOName, 
Access  ■  Access>] 
else  NoLInk INotOK] 

end 

end 

Kerne  I  Cal  I  (Sendflessage  ( 

LinkStatus IN) , 

N. Process) ] 
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NKCPAi  Link  (with  password) 


givent  Process:  ProcessName 

Requester!  Vir tualflachineName 
L  atldr !  L  i  neAddr  ess 
User:  Virtual Hach i neName 
HiniOisk!  MiniCiskName 
ReqAccess:  LinkAccess 

error  on  ShuttingOown 
I 

Empty  tReqAceess) 

action:  if  for  some  (NtNkcpEntry)  in  CurrentNkcps: 

(N. Process  -  Process 
& 

for  some  (E:Vf1Entry)  in  N.Vfts: 

(E.VfIName  ■  Requester)) 

& 

for  some  (L:LineEntry)  in  Lines! 

(L.Laddr  •  Laddr 
& 

L. State  ■  Attached 
& 

L.CyclePosi t ion  ■  Attached 

5 

L.RequestedSecLevel  -  Process 

6 

L.AttachedVM  -  Requester) 

& 

for  some  (O:0irectoryEntry)  in  UserOi rectory: 
(0. User  Id  -  User 
& 

for  some  (K:f10L i nkEntry)  in  D. Links: 
(K.flOName  ■  Minidisk)) 

& 

for  some  (M:f1ini0i skEntry)  in  MiniOisks: 
Ifl.flOName  »  MiniOisk) 

* 
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for  some  (A:ACLEntry)  in  M.AccessControlLI st: 

(A. User  ■  Requester 
& 

Oom i nates  (Process , M. SecLeve 1 1 
& 

(Ur  I teAccessRequested  -> 

Process  »  fl.  SecLeve  I ) ) 
then  /ft  it’s  legal:  now  check 

for  resource  availability  */ 
if  for  some  (V:SharadVolumetntry) 

in  SharedVo lumes: 

(V, Volume  •  (I.ContainingValume 

V. State  -  Mounted 
& 

for  some  (S:SharableOr iveEntry) 

in  SharableDr i ves: 
(S.Raddr  ■  V. Mount edOev ice 
& 

S. State  ■  AttachedToSystem) ) 
than  /ft  resources  are  available: 

get  the  link  share  password  ft/ 
Kernel  Cal  I (SendMesaagel 

ReDirectLine (L.Laddr,  AuthProcessl , 
Ne  tworkPr ocess) ] 

Kerne  I Cal  I (SendMessagel 

ReadL i nkPasswor d (L . L  addr ] , 
NetworkProcess) ] 

L.CyclePosi tion  <-  ReadL i nkPassword 
else  /ft  resources  are  not  available  ft/ 
NoLink  (ResourcesNotAvai I  able! 

end 

else  /ft  not  a  legal  request  ft/ 

NoLink (I  I  legal  Request] 

end 

exit:  N"L.Cyc I ePos i t ion  ■ 

i f  Lega I 
i 

ResourcesAvai table 
then  ReadL i nkPassword 
else  L.CyclePosi tion 
end 

N"PendingRequests  - 
i  t  Legal 

S 

ResourcesAva liable 
then  Append (PendingRequests, Entry) 
else  PendingRequests 
end 
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where  Entry  «  xflsgld  ■  new  (Message  I  d) , 

Kind  -  Ur  I teAndReadL Ine, 

Commend  »  Undefined, 

Responses  •  (Respondent  ■  NetworkProcese, 
Text  •  ni I , 

State  ■  NoResponse>l > 

Kerne  I  Ce  II  ed  (Stndflessage  (NetworkProcese)  1 
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NKCPS,  NKCPSj 
anc/  response 
autnor I  rat  Ion 


uovacn  nonenerao 

i  * 


i  _  - 7  ^  i  itMutfi  rrom  proc««*/. 

prowls  PP0C*,,>  t0  r#Nnqui#h  *»«vlee  request  from 


givent  Rscldrt  OevIceAddress 
Processj  ProcessName 
Users  Virtual Mach i neName 


orror 


on 


-I  for  some  INtNkcpEntry)  In  CurrentNkepss 
(N. Process  -  Process 
S 

for  ?sn*J.N!n‘v,1Entry)  ln  N-vn*» 

(Vfl. VflNeme  »  User) 


for  some  (AjAttachadOeviceEntry) 

/a  „  i?  N.AttachedDeviceai 

(A. Raddr  •  Raddr)) 

4 

for  some  (NSiNonshnrableOr i veEntry) 

(NS. Raddr  .  R,d«r  "“'"'•■■•'•Or l*.a, 

NS. At  tachedProcesa  •  Process)) 


actions  Kernel  Cal  I [Re I esseDev ice (NS. Raddr)) 
if  uovicsReleased 

then  NS. State  <-  Aval (able 

N. At tachedOe vices  <-  Removal 

N. At  tachedOavl ces, 
A  3 

-ernelCal  I  tSeudflesssgel 

Avai labia  (NS. Raddr] , 

GpProcessl) 

Kerne  I Cal  I  tSendflessage  I 

OeviceUse  Riser, NS. Raddr] , 
AcntProcess)] 

else  Kurr.eiCal  I  (Sendflessagei 

NctDeteched  INS.  R.*ddr,  Process) . 

OpPr ocessll 

Kerne ir# 1 1 ISendhessege I 

NotDotached INS. Raddr), 
NS.AttcciiedProcess)) 
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OMit*  N"NS. State  - 

it  OeviceReleaeed 
then  Available 
else  NS. State 
end 

N"N. A t tachedOav Iceo  «. 

It  OeviceReleaeed 

^•n  2* jova  tN, A  t  tachedOav I  cae,  A) 
elea  N. At tachedOav i cae 
end 

5er n® 1  £* 1 1 ed  (Re I eaaeOev i ce (NS. Raddr ) J 

i  r£?;iK;.nf  «'**•  <*••>  > 

then  KernelCal led(Sendheaeage(AcntProceee)3 
end  ,f«rf’«|CalledtSendf1eeaage<NS.AttachedProca»e)] 


« 
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NKCP7:  Purge  NKCP 


given:  Process:  ProcessNama 
entry:  true 

error  on  ~(for  soma  (N:NkcpEntry)  in  CurrentNkcps: 
(N. Process  -  Process 
& 

Empty  IN.Vfl!.] 

& 

Empty tN.AttachedOevIcesl 
S 

Empty  IN. Links! ) ) 

exit:  N" CurrentNkcps  »  Remove  [CurrentNkcps, N] 
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<ERN1»  message  from  Kernel,  re  shared  device  availability 

givem  Retldr!  DeviceAddrass 
Volume!  Volumeld 

Curren  tS  t* tuei  Sh«r*b I *0r I v*S tetus 

error  on  ^ShjrableOr i veEntry)  | h  SharablaOr lv#a, 

& 

(CurrentStetua  -  AttachadToSyatam  -> 

(for  tome  (V> SharedVo I umeEntry) 

...  ...  In  SharedVo I umest 
(V, Volume  -  Volume))))) 

action!  if  S. State  -  AttachedToSyatem 

then  If  CurrentStatua  •  AttachadToSyatam 
than  If  Volume  S.llountedVolume 

than  If  for  tome  UltlllniDi  akEntry) 
in  IllniOi ak?t 
(M. Con tanning Volume  ■ 
S.llountedVolume 

•''Empty  Tft.  CurrantL  i  nka) ) 
than  /a  security  error: 
wrong  volume 
in  use  »>/ 
error 

else  />»  old  volume  not  in 

i  .  i\i  t  i  r.y8®1  0*  t0  9u'tch  >>/ 

let  (Vo I dt SharedVo t umeEntry) 
in  SharedVo I umes: 

(Void. Volume  » 
S.llountedVolume 
4 

veld. State  ■  Mounted 
& 

Vold.MountedOevice  ■ 

S.Raddr)  in 

let  (Vnew: SharedVo l umeEntry) 
in  SharedVo I umes! 

(Vnew. Volume  •  Volume)  in 
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I  f  Dominates C 
S.SecLevel , 

Vneu.Seclevel) 
then  S.MountedVolume  <- 
Vneu. Volume 
Void. State  <- 

NotMounted 
Vo  I d. Moun tedOev I ce 
ni  I 

Vneu. State  <- 

Mounted 

Vnou. Moun  tedOev I ce 
S.Raddr 
Kerne  I  Cal  I t 

Dr  i veMa tchesVo I ume ( 
Raddr, Volume) ] 
else  KernelCal I  t 
Dr  I veOoesNo tMetchVo I ume ( 

Raddr, Vo  I  urns)] 
end 
end 

else  /ft  OK:  same  volume, 

same  state  ft/ 

KernelCal I [Dr iveMa tchesVo I ume ( 
Raddr, Volume) ) 
end 

/ft  old  state  -  attached  to  system, 
neu  state  ■  not  attached: 
update  table  entries  ft/ 
let  (V:SharedVolumeEntry) 

in  SharedVolumes: 

(V. Volume  -  S.MountedVolume 
£ 

V. State  -  Mounted 

£ 

V.MountedOevice  ■  S.Raddr)  In 
V. State  <-  NotMounted 
V.MountedOevice  <-  nil 
S.MountedVolume  <-  ni I 
S. State  <-  CurrentStatus  ■ 
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Accounting  Process 
Semi -Forma I  Description 

This  section  contains  a  semi-formal  description  of  the  Accounting 
Process  of  KVfl/370. 


Data  Types 


primitive  types  and  structuring  mechanisms: 

boolean  [unordered,  tuo  elements:  true,  false] 

string  [unbounded,  predefined  string  of  length  zero:  nil] 

set  (of  any  type,  predefined  empty  set:  nil] 

record  [field  list! 


undefined  types: 

Virtual  tlach  i  neName 

ProcessName 

Mcssageld 


Account i ngRecord: 
record 

User:  Vir tua I  Mach i neName 
Postings:  set  of  string 

end 


Data  Structures 


Accounting:  set  of  Account i ngRecord 
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Initial  Cond i t I ons 
Empty  [Accounting] 


Invariant  Assertions 

f°r(Al  A2l5C/lOUnt  ,n9«fcorcJ}  in  Accounting: 

i/U.Uoer  »  A2.User  ->  A1  •  A2) 

& 

fOr/apL!^:MCS0U?^i^?1ffC0^d,  in  Account  ing: 
<~fcmpty  (A. Post ingsi J 


Global  Macros  /  Functions 

primitive  macros  /  functions: 
Append  [set. entry] 
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MsgAuth:  process 

/*  subdriver  of  AcntProcess, 

handling  messages  from  AuthProcess  */ 

given:  Text:  string 

entry:  just  received  message.  Source  -  AuthProcess 

action:  error  on  HsgName tTextl  ~inset  ISystemResourceUse, 

Devicellse) 


end  flsgAuth 


AUTH1 
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HogOpt  process 


/•ft  subdriver  of  AcntProcess, 

handling  messages  from  OpProcess  ft/ 

g.ven:  fisc; I  dt  Message! d 
Textt  string 

ontryt  just  received  message.  Source  -  OpProcess 

action!  error  on  MsgName tTsxtl  ~inset  (ACNT«-PUNCH. 

SHUTDOWN) 

end  DsgOp 
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AcntOrlver:  process 

/ft  driver  of  AcntProcess  ft/ 


case  HouUeGotHere  of 

External  Interrupt: 

case  I nterruptSubType  of 
Message: 

case  Source  of 

OpProcess:  MsgOp 

Auth:  MsgAuth 

other:  /ft  anybody  else  talk 

with  AcntProcess?  ft/ 


end 


other: 

/ft  any  other  external  interrupts?  */ 

end 

other: 

/*  any  other  important  interrupt  classes?  ft/ 

end 

KernelCal I  (Rccei velnterruptsl 
Kerne  I  Cal  I  IRcleaseCPUl 


end  AcntOriver 
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AUTHlt  Accounting  record  from  Nkcp  via  Authorization  Process: 
System  Resource  Use  or  Oevice  Use 


given:  User:  VirtualtlachineName 
Text;  string 

entry:  true  /#  user  id  has  been  validated  by  AuthProcsss 

prior  to  the  sending  of  this  message  ft/ 

action:  if  for  some  (A: Account ingRecord)  In  Accounting: 

A. User  ■  User 

then  / v<  user  id  already  exists  in  data  base  */ 
A. Postings  <-  Append  IA. Post ings, Text) 
else  /ft  user  id  does  not  exist  in  data  base: 
add  i  t  ft/ 

Accounting  <-  Append [Account i ng, 

<User  •  User. 

Postings  ■  Appendtni I , Text] >] 
end 

exit:  for  some  (A: Account ingRecord)  in  Account ing: 

(A. User  -  User 
& 

for  some  <S:string)  in  A. Postings: 

S  ■  Text) 
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0P1:  Operator  command  to  re- ini t i al I ze  the  accounting  data  base 

entry*  true 

exits  N" Accounting  -  nil 

Kerne  I Ca 1 1 ed  tSendflessage (OpPr ocsss)  ] 
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Updater  Proceea 
Semi -Forma I  Description 

This  section  contains  a  semi-formal  description  of  the  Updster 
Process  of  KVfl/370. 


Data  Types 


primitive  types  and  structuring  mechanisms! 

boolean  [unordered,  tuo  elements:  true,  false] 

string  [unbounded,  predefined  string  of  length  zero:  nil] 

integer  subrange 

scalar  [ordered  element  list] 

9et  [of  any  type,  predefined  empty  set:  nil] 
record  [field  list] 


undefined  types: 

DoviceAddress 
L i neAddress 
ProcessName 
V i r  tualtlachineName 
Volume  Id 


undefined  functions  /  macros: 

Dominates 
OeviceType 
0Cy I inders 


Accesshodes:  scalar! 
Road, 

Ur  i  te) 


Poss i bi eEntr i es:  scalar! 
Pag i ng, 

Spoo I i ng, 

M  i  n  i  D  i  sk , 
Unknoun, 

System) 
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DirectoryEntry: 

record 

Uocridi  VlrtuelflachineName 
LocionPassword:  string 
OialPassword:  string 
L i nkPassword:  string 
flnxSccLcve  I :  ProcessNems 
MinSccLevel :  ProcessNems 

OedicatedDevices:  set  of  OedlcatedOeviceEntry 
Links:  set  of  NOUnkEntry 
lplOo fined:  boolean 

AccessPassuords:  set  of  AecessPassuordEntry 

end 

L I ncEntry: 

record 

Lacldr:  LlneAddress 

fl  i  nSecLeve  I :  ProcessName 

MaxSecLeve I :  ProcessName 

end 


AecessPassuordEntry: 

record 

SecLeve I :  ProcessName 
Passuord:  string 

end 


OedicateoOeviceEntry: 

record 

Raddr:  Dev i ceAddress 
Vo  I SecLeve I :  ProcessName 
Access:  set  of  AecessModes 

end 


MOL i nkEntry: 

record 

MDName:  MiniQiskName 
Access:  set  of  AecessModes 

end 


URPOunedOcv i ceEntry: 
record 

Raddr:  Oevi ceAddress 
MaxSecLeve I :  ProcessName 
II  i  nSecLeve  I :  ProcessName 

end 
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Nonoharab I cOr 1 veEntry: 
record 

Raddr:  OevicsAddress 
MaxSecLevel:  ProceesName 
MinSecLsvel:  ProcassName 

end 


Shar ab I eOr 1 veEntryi 
record 

Raddr t  OevIceAddrese 
SecLevel:  ProceasName 

end 


SharedVol^meEntryt 

record 

Volume:  Volume Id 
SecLevel:  ProceesName 
Map:  set  of  CylMap 

end 


CylMap: 

record 

Cylinders:  (1. ./tflaxCy I inders, 

1. . #MaxCy I inders) 
Category:  PossiblaEntr ies 

end 

MiniOi skEntry: 

record 

MDName:  MiniOiskName 
ContainingVolume:  Volumeld 
Cylinders:  (1. , #MaxCyl inders, 

1. . #Ma*Cyl inders) 
SecLevel:  ProcessName 
AccessControlList:  set  of  ACLEntry 

end 


ACLEntry: 

record 

User:  Vir tualMachineName 
Access:  set  of  AccsssModes 
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Data  Structures 

constant  /ftlaxCyl  inders:  posK.ve  integer 
URPOunedOevices:  set  of  URPQwnedOevIceEntry 
Nonoharab I eDr i vess  set  of  NonsharableDrlveEntry 
SharablcOr Ives:  set  of  SharableOr IveEntry 
SharedVolumesi  set  of  SharedVolumeEntry 
IliniOioks:  sot  of  MiniOi skEntry 
Lines:  sot  of  LincEntry 
UacrOirectory:  set  of  OirectoryEntry 
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entryi  true 

exit:  Di at inctOevIceAddreaeee 

4 

L ega I UaerOi rectory 
4 

LegalL inea 
4 

LeoalfliniOiake 

4 

lejia  I  Shar  edVo  I  umea 
4 

Lena  I Shar ab I eDr I vea 

4 

le?:a I Nonaherab I aOr I vea 
& 

Leqa I URPOwnedOev i cea 


Di  at inctOeviceAddreasea  - 

for  all  (U:URPOunedOeviceEntry)  In  URPOwnedDevices: 

(for  all  (NS:NonaharableDr I veEntry)  In  NonaharableDrlvee: 
(U.Raddr  «*»  NS.Raddr) 

4 

for  all  (S : Sharab I eOri veEntry)  in  SharableDr i ves: 
(U.Raddr  S.Raddr)) 

4 

for  all  (NS:NonsharableOr i veEntry)  in  NonaharableDrlvee: 
for  all  (S:SharableOr I veEntry)  in  Sharab I eDr I ves: 
NS.Raddr  —  S.Raddr 
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Leya  I Ded i  catedDev  ices  (U : □  i  rec toryEntryl  - 

for  all  (El ,E2:Dedicated0eviceEntry)  in  U. Ded i catedDev i ces: 
(El.Raddr  »  E2.Raddr  ->  El  •  E2) 

& 

for  all  (E:DedicatedOeviceEntry)  in  U.DedicatedDevices: 
for  some  (QiURPOunedDeviceEntry)  in  URPOwnedOevices: 
(D.Raddr  ■  E.Raddr 
« 

(OeviceType [E.Raddr]  ■  Reader  ■> 

(E. VolSecLevel  •  ni I 
& 

E. Access  -  IReadl ) ) 

& 

(OeviceType [E.Raddr]  inset  {Printer,  Punch]  »> 

(E. VolSecLevel  ■  ni I 
& 

E. Access  -  (Ur i tel ) ) 

& 

(OeviceTypetRaddr]  ■  TapeOrive  ■> 

(Dom i na  tes [0. HaxSecLeve I , E. Vo  I SecLeve I ] 

& 

Oomi nates (E. Vo  I SecLeve I , D.H i nSecleve I ] 

& 

Dom  i  na  tes  (U.  flaxSecLeve  I ,  E .  Vo  I  SecLeve  I  ] 

& 

~Empty  CE. Access]  I ) 

xor 

for  some  (OiNonsharabieDriveEntry)  in  Nonsharab I eDr i ves 
(D.Raddr  -  Raddr 
& 

Dominates  CO.MaxSecLevel ,E. VolSecLevel] 

& 

Dominates  (E. VolSecLevel .D.ttinSscLevel] 

& 

Dominates  CU.MaxSecLeve I ,E. VolSecLevel  ] 

S 

-vEmpty  CE. Access] ) 
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LcgalL i nks CU: 0 i rectoryEntryl  - 

for  all  (LI . L2 : MDL inkEntry)  in  U. Links: 

(Ll.MDNane  -  L2.M0Name  ->  LI  -  L2) 

& 

for  all  (L: MDL inkEntry)  in  U. Links: 

for  some  (H:HiniOi skEntry)  in  HiniDisks: 

(M.MONarae  -  L.MDName 
& 

for  some  (A:ACLEntry)  in  H.AccessControlLi st: 
(A. User  *  U. Userid 
& 

for  all  (AH: AccessModes)  in  L. Access: 

AH  inset  A. Access) 

& 

Dominates  tU.HaxSecLevel ,H. SecLeve 1 3 ) 

& 

-Empty (L. Access) 
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Leya  I AccessPassuords  [U:OirectoryEntry]  - 

for  all  (A1 , A2: AccessPasswordEntry)  In  U. AccessPoSswor ds: 
(Al.SecLevel  -  A2.SecLevel  ■>  Ai  ■  A2) 

& 

for  all  '\: AccessPassuordEntry)  in  U.AccessPasswordss 
(Oominates  (U.flaxSecLeve I , A.SecLeveU 
& 

Dom i na t es (A. SecLeve I , U. M i nSecLeve I ] ) 
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LegalLines  ■ 

for  all  (LI ,L2sL ineEntry)  in  Lines: 
(Ll.Laddr  -  L2.Laddr  ->  LI  »  L2) 

& 

for  all  (L:L ineEntry)  in  Linesj 

Dom i na  t  e  s  IL . MaxSecLeve I , L . H i nSecLeve 1 1 
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LegalMiniOi ska  * 

for  all  (Ml  ,M2:MiniOI  skEntry)  in  MiniDlsksi 
(Ml.MONamc  -  M2.M0Name  •>  Ml  -  M2) 

& 

for  all  (MsMiniOiskEntry)  inMiniQiska: 

(3.1)  (LegalContainingVolumelMl 

i 

M.Cy I inders. 1  <  M.Cyl inders.2 
<S 

M.Cyl inders.2  <■  #Cyl Inders  (M.ContainlngVo luma) 
& 

M.Cyl Inders.l  <  tfCyl inders [M.ContainingVo I ume) 

& 

(3.2)  LegalAccessControlL i st (Ml ) 
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Lepa i Con t a i n i ncjVo I umo (fli  fl  i  n  iO  i sKEn try]  • 
for  some  (SiSharedVolumeEntry)  in 
(S. Volume  •  M.ContainingVolume 

<5 


Shar®dVolumesi 


Dominates  IS. SecLave I , fl. SecLeve 1 1 ) 
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LegalAccessControlList  (MtMiniOi sKEntry]  • 

for  all  (A1 . A2: ACLEntry)  in  II.AccessControlLI sti 
(Al.User  •  A2.User  *>  Al  •  A2) 

4 

for  all  (A:ACLEntry)  in  H. AcceseControlLi at: 

(for  some  (OsOirectoryEntry)  in  UserDirectoryt 
(D. Userid  ■  A. User) 

« 

•■Empty  (A.  Access] ) 
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LegalSharedVolumes  • 

for  all  (SI ,S2:SharedVo!umeEntry)  in  SharedVolumes: 
(SI. Volume  -  S2. Volume  ->  SI  ■  S2) 

S 

for  ail  (SsSharedVolumeEntry)  in  SharedVolumes: 
(Legal Map  IS  1 ) 


(4.1) 
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LecjalMaptStSharedVolumcEntry]  » 

/it  non-overlap  */ 
for  all  (Ml.M2sCylM?o)  in  S.Mapt 
(Ml . Cylinders. 1  >  M2.Cy I indare.2 
or 

Ml .Cy I inders.2  <  M2.Cy I  indart. 1) 

& 

for  all  (MtCylMap)  in  S.Mapt 
(/*  each  entry  non-empty  it/ 

M.Cy I inders.2  >  M.Cy I inders. 1 
S  ' 

/i<  no  cylinders  unaccounted  for  »/ 

M.Cyl  inders. 2  *>■  #Cy I  inders CS1  •> 
for  some  (MltCylMap)  in  S.Maps: 

Ml .Cy I inders. 1  ■  M.Cyl inders.2  +  1) 

& 

for  some  (MtCylMap)  in  S.Mapi 
(M.Cyl inders. 1  ■  1) 

& 

/it  each  MiniOisk  actually  logged  */ 
for  all  (M:CylMap)  in  S.Mapt 
(M. Category  -  MiniOisk  -> 

for  some  (MOtMiniOi skEntry)  in  MiniDisks: 
(MO. Con  ta i n i ngVo I ume 
& 

MO. Cylinders  -  M.Cy I inders) ) 
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Leya iSharableDr I ves  • 

for  all  (S01,SD2tSherableOr i vsEntry)  in  SharableDr ivest 
SOl.Raddr  *  SD2.Reddr  ■>  SD1  ■  SD2 
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Leya  I  Nonchar ab I eDr Ives  ■ 

for  all  (NS1 ,NS2iNonsherebleDr IveEntry)  In  NonsharableDr Ivest 
(NSl.Raddr  -  NS2.Raddr  ->  NS1  -  NS2) 

& 

for  al  I  (NStNonsharableDr IveEntry)  In  NonsharableDr I  vest 
Dominates  INS.flaxSecLevel ,  NS.HInSecLevel  ] 


